lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <080f01c4011d$c8a6caf0$1b69533e@hsportatil>
From: bernardo at hispasec.com (Bernardo Quintero)
Subject: Backdoor not recognized by Kaspersky

> It's Bagle/Beagle.J. The problem is that the file is password-protected, so it's not
> obvious how a scanner will get it until it's opened. Notice that the e-mail includes the
> password ("65316"). In fact Norton finds it when the ZIP is opened and the extracted
> file hits the file system.

The problem is the antivirus installed in the perimeter, that does not
detect those samples. Exist some antivirus that detects the ZIP infected
without knowing the password:

Scan results
 File: TextDocument.zip
 Date: 03/03/2004 13:14:16
----
InoculateIT 4625/20040302 found nothing
NOD32 1.648/20040303 found [Win32/Bagle.gen.zip]
Kaspersky 3.0/20040303 found nothing
McAfee 4.2.60/20040302 found nothing
Norton 8.0/20040302 found nothing
Panda 7.02.00/20040303 found [W32/Bagle.pwdzip]
Sybari 7.50.1138/20040303 found nothing
TrendMicro 1.00/20040302 found nothing

Bernardo Quintero
bernardo@...pasec.com



Powered by blists - more mailing lists