samyk / evercookie

Produces persistent, respawning "super" cookies in a browser, abusing over a dozen techniques. Its goal is to identify users after they've removed standard cookies and other privacy data such as Flash cookies (LSOs), HTML5 storage, SilverLight storage, and others.
https://samy.pl/evercookie/

Malware detected #44

Open AceGambit opened 10 years ago

AceGambit commented 10 years ago

Just to let you know, Symantec Endpoint Protection has just detected malware in the evercookie-master.zip download: "Trojan.Maljava!gen26" in evercookie.jar.

dretax commented 10 years ago

Hahaha, true. Eset found it too.

samyk commented 10 years ago

Hah, interesting, does that quarantine evercookie entirely? Perhaps I can have it be downloaded separately if it is removing the entire zip/package if that's the case.

gabrielbauman commented 10 years ago

Hmm, looks like the exploit I used to try to break out of the Java sandbox is being detected. I can build a version without it if you like, or I can do some obfuscation to prevent detection. On my test systems the rest of evercookie works fine, but we can't have people getting virus warnings when visiting evercookie sites.

samyk commented 10 years ago

An obfuscated version that evades the filters would be awesome. If we find that it's rediscovered in the future, we can have two separate versions and have users perform an additional step to acquire the drop-it-like-it's-hot-java version.

gabrielbauman commented 10 years ago

Okay, I will see what I can pull together. It might take me a few days - things are extremely busy at work right now.

samyk commented 10 years ago

No worries, appreciate you looking into this!

gabrielbauman commented 10 years ago

Okay, I spent some time on this. Current detection status: http://virusscan.jotti.org/en/scanresult/a574f7b18262d0b0b3566eb3cefe1d026c961d62. Four scanners to go until we hit stealth mode again ;)

samyk commented 10 years ago

Oh man, this is rad

mikeytusa commented 10 years ago

This is still happening with Windows Defender. Tried to install evercookie through Bower and it was throwing errors. Windows Defender showed it was detected as malware. Once I allowed it through Windows Defender, all was well. Works great through Bower on my Macs.

Speaking of -- it would be awesome if this was listed in the Bower package directory.

http://bower.io/search/

AlinaSob commented 9 years ago

I've got a virus warning in Kaspersky anti-virus - virus found in evercookie.jar. Will the rest of it work if I just delete evercookie.jar?

ssokolow commented 9 years ago

@gabrielbauman You'll also want to check it against VirusTotal.

The page you linked only lists 22 scanners while VirusTotal has 54.

stratocentric commented 8 years ago

so ... how to download?

chrislandeza commented 6 years ago

Will evercookie work without the evercookie.jar file?

samyk commented 6 years ago

Yes, removing the jar only disables the Java-based mechanism.