lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <08ea01c40140$d9b3f200$5b00005a@moregarlic.com> From: larry at larryseltzer.com (Larry Seltzer) Subject: Backdoor not recognized by Kaspersky >>The problem is the antivirus installed in the perimeter, that does not detect those samples. Exist some antivirus that detects the ZIP infected without knowing the password: I'm sure more of these detect it by now. I suppose SOP for these scanners has been to extract files from ZIPs and scan them, but they need a more complex procedure now. Is it possible that portions of the encrypted ZIP are consistant enough regardless of the key that they can identify it? If not, for this particular case they could hack at the ZIP file and use the message body as a dictionary. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ larryseltzer@...fdavis.com
Powered by blists - more mailing lists