lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 4 May 2006 12:26:11 +0200 (CEST)
From: Joxean Koret <joxeankoret@...oo.es>
To: bugtraq@...urityfocus.com
Subject: Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You"


Hi to all!

Trying with a friend the latest Panda Antivirus and
ClamAv we have been found that they are unable to
detect the old "I Love You" virus by simply changing
the name of one variable.

Attached goes a working "I Love You" virus in which I
changed ONLY the variable "dirsystem" with the name 
"kk2" (The file attached have the extension ".txt.gz",
otherwise, with the .vbs extension the file will be
locked by all the most populars anti-viral toolkits).

If you sends it to an e-mail server that uses the
Panda True-Prevent this will not found any virus. It
will be "quarantined" if you send with the extension
".vbs", obviously, but will not detect it as a virus.

Panda Antivirus Client-Shield will not found nothing.

It's supposed that Panda TruePrevent and ClamAV should
detect the strings that found in the contents of the
file and should detect it as a virus.

I found, also, that Norton Antivirus 2005 is unable to
detect it.

You can download any old virus that you want, rename
one variable and you will have a "0 day virus". 

Wow! That's fun!

NOTE: ClamAV (ClamAV 0.88.2/1439) detect's it.

Disclaimer:
~~~~~~~~~~~

The information in this advisory and any of its 
demonstrations is provided "as is" without any
warranty of any kind.

I am not liable for any direct or indirect damages
caused as a result of using the information or
demonstrations provided in any part of this advisory. 

---------------------------------------------------------------------------

Contact:
~~~~~~~~

	Joxean Koret at joxeanpiti<<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es


		
______________________________________________ 
LLama Gratis a cualquier PC del Mundo. 
Llamadas a fijos y móviles desde 1 céntimo por minuto. 
http://es.voice.yahoo.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ