Topic: foo_scrobble

  • EpicForever
Re: foo_scrobble
Reply #25
Looks like Bitdefender doesn't like the fact that this DLL uploads certain data to the Internet... I am guessing this from the word 'cloud' invoked in the threat name.

  • kode54
  • Administrator
Re: foo_scrobble
Reply #26
Maybe someone else is insane enough to install their own distribution of vcpkg and install cpprest, so this thing can be built independently and verified?

One of the scanners on VirusTotal seems to think this is a piece of some recent ransomware. Probably a false positive.

  • gix
Re: foo_scrobble
Reply #27
It certainly is a false positive. Though there obviously is no way for me to prove that. All those vague heuristics are in my experience really unreliable, and of course it's impossible to find out what they actually scan for. And even if I were to release a new clean version you could surmise I was just more careful about hiding it.

Targeting such a small obscure group of users seems like more trouble than it's worth. The good news is, if you are paranoid enough, everything to create your own build is freely available.

  • kode54
  • Administrator
Re: foo_scrobble
Reply #28
I'm not paranoid. I've gotten false positives for my own work, which all magically went away for that two-year period where I paid the Authenticode Cartel for a certificate. $26 for notary public services, to verify my two forms of ID, and $475 to Thawte, bought a handful of people peace of mind. I still think it was a waste, though.