lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <080f01c4011d$c8a6caf0$1b69533e@hsportatil> From: bernardo at hispasec.com (Bernardo Quintero) Subject: Backdoor not recognized by Kaspersky > It's Bagle/Beagle.J. The problem is that the file is password-protected, so it's not > obvious how a scanner will get it until it's opened. Notice that the e-mail includes the > password ("65316"). In fact Norton finds it when the ZIP is opened and the extracted > file hits the file system. The problem is the antivirus installed in the perimeter, that does not detect those samples. Exist some antivirus that detects the ZIP infected without knowing the password: Scan results File: TextDocument.zip Date: 03/03/2004 13:14:16 ---- InoculateIT 4625/20040302 found nothing NOD32 1.648/20040303 found [Win32/Bagle.gen.zip] Kaspersky 3.0/20040303 found nothing McAfee 4.2.60/20040302 found nothing Norton 8.0/20040302 found nothing Panda 7.02.00/20040303 found [W32/Bagle.pwdzip] Sybari 7.50.1138/20040303 found nothing TrendMicro 1.00/20040302 found nothing Bernardo Quintero bernardo@...pasec.com
Powered by blists - more mailing lists