From: bernardo at hispasec.com (Bernardo Quintero)
Subject: Backdoor not recognized by Kaspersky
> It's Bagle/Beagle.J. The problem is that the file is password-protected, so it's not
> obvious how a scanner will get it until it's opened. Notice that the e-mail includes the
> password ("65316"). In fact Norton finds it when the ZIP is opened and the extracted
> file hits the file system.
The problem is the antivirus installed at the perimeter, which does not
detect those samples. There are some antiviruses that detect the infected ZIP
without knowing the password:
Scan results
File: TextDocument.zip
Date: 03/03/2004 13:14:16
----
InoculateIT 4625/20040302 found nothing
NOD32 1.648/20040303 found [Win32/Bagle.gen.zip]
Kaspersky 3.0/20040303 found nothing
McAfee 4.2.60/20040302 found nothing
Norton 8.0/20040302 found nothing
Panda 7.02.00/20040303 found [W32/Bagle.pwdzip]
Sybari 7.50.1138/20040303 found nothing
TrendMicro 1.00/20040302 found nothing
Bernardo Quintero
bernardo@...pasec.com
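
The post does not say how the engines that flagged the archive did so without the password. One check a perimeter scanner can make, shown here as an added example that is not part of the original message: a ZIP's central directory is stored in clear, so entry names and the encryption flag can be read without the password. The function names, the extension list and the sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions a mail gateway might refuse inside an archive (assumed list).
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".cpl", ".bat")

def inspect_zip(data: bytes) -> list[dict]:
    """Return one finding per encrypted entry, using only the central directory."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [{"name": None, "reason": "malformed-zip"}]
    findings = []
    for info in zf.infolist():
        if not info.flag_bits & 0x1:   # general-purpose bit 0 set = entry is encrypted
            continue
        risky = info.filename.lower().endswith(RISKY_EXT)
        findings.append({
            "name": info.filename,        # file names are not encrypted
            "size": info.file_size,       # uncompressed size is stored in clear
            "crc32": f"{info.CRC:08x}",   # CRC-32 field as recorded in the header
            "reason": "encrypted-executable" if risky else "encrypted-entry",
        })
    return findings

def constructed_sample(name: str, payload: bytes, encrypted: bool) -> bytes:
    """Build a test archive. 'encrypted' only sets the flag bit; the stored
    data is not real ciphertext, which is enough for a metadata-only check."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, payload)
    raw = bytearray(buf.getvalue())
    if encrypted:
        raw[6] |= 0x1                              # flags field, local file header
        raw[raw.find(b"PK\x01\x02") + 8] |= 0x1    # flags field, central directory
    return bytes(raw)

if __name__ == "__main__":
    for sample in (constructed_sample("readme.exe", b"not a real binary", True),
                   constructed_sample("notes.txt", b"hello", False)):
        print(inspect_zip(sample))
```

A gateway can use such a finding to quarantine or hold the message, since the payload itself cannot be scanned until the archive is opened with the password.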