Date: Tue, 22 Jun 2004 17:20:16 -0400
From: "fedhead" <fedhead@...ers.com>
To: "bugtraq" <bugtraq@...urityfocus.com>
Cc: "Dave" <djm@...e.k12.ca.us>
Subject: RE: Unusual Activity in Ad-aware 6 Personal, Build 6.181


I have tracked it down and Dave, your assessment seems to be correct for my
situation. Ad-aware was scanning an old Palm Attachment folder I had in my
profile which stored the attachments of e-mails I had synced with my Palm,
including my Bugtraq e-mail which contained Jelmer's zip of this IE exploit.

It would appear that Ad-aware stores the file it's scanning into the cache
folder only for the time length it takes to scan that file, thus when it
read the zip file, Norton AV also scanned the file and found the trojan.

Sorry for all the confusion everyone and thanks for the feedback.

Matt

-----Original Message-----
From: Dave [mailto:djm@...e.k12.ca.us]
Sent: June 22, 2004 10:58 AM
To: fedhead
Subject: Re: Unusual Activity in Ad-aware 6 Personal, Build 6.181


What did the ad-aware LOG say? I am also using ad-aware 6, I have a
"Cache" directory while ad-aware is actively scanning my system. When the
scan completed, the cache directory disappeared, probably because it had
nothing more to do other than remove cookies.

My best guess is AW is finding this trojan on your system, isolating it, but
not quarantining it. I would suspect that Norton is finding it after it's
found by AW.

This is not a shock, Norton has frequently not found active exploits in the
past until another program "reveals" the hidden objects. Switch to Sophos
or McAfee, rescan your system to remove the exploit, and run Ad-aware
manually to see the logs of what's happening.
