lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <3FFFFCDB.24948.346F79A7@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Virus / Trojan

"Otero, Hernan (EDS)" <HOtero@...chile.cl> wrote:

> Today found this suspicious file attached to an email, obviously is a virus
> (our AV don?t detect it :-( ). The virus/trojan is very simple, the
> developer only put effort in obfuscate the strings inside the binary.

If you suspect it is a virus, why in heck post a sample to a public 
mailing list?

If you suspect something is a new virus or other malware and your AV 
does not detect, for pity's sake send a sample of it to your AV 
developer.  Better yet, send a sample to several AV developers you 
trust to analyse it properly and report back to you, but whatever else 
you do, do not send copies of it to thousands upon thousands of unknown 
folk.  Fortunately the mail service you sent this from uses an AV that 
was updated for detecting this malware than the service where you 
received it (or, if the same service, the required update arrived in 
the interim between initial receipt and re-sending) and the file was 
detached from your message...


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ