| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <40473853.11816.3272A6D@localhost> From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: Backdoor not recognized by Kaspersky "Schmehl, Paul L" <pauls@...allas.edu> wrote: > McAfee now detects the password protected zip files. (There are other > things you can look for besides trying to decrypt the contents of the > zip filel Also, zip passwords are weak and easily broken anyway.) Though cracking is not, I believe, how it is done. Knowing the limited character set and length of passwords used would make cracking relatively easy, but perhaps still in the order of an average of several to tens of minutes per Bagle-encrypted .ZIP. I doubt many mail servers/content gateways could tolerate that level of additional CPU load... I'd be very surprised if the "detection" of Bagle encrypted .ZIPs implemented by NAI (and others) is not prone to false-positive (at least if they insist on labelling the things they find as "Bagle") but it is likely to remain as a useful heuristic. > BTW, there is a war going on right now between three virus groups, so > you will continue to see new variants of Bagle, Netsky and Mydoom for > the foreseeable future. Should be a very interesting month. Well, if everyone (especailly the media and the AV web pages) stopped paying these pathetic puppies' "war" the attention it has been getting, I suspect that they may quickly tire of the fight, as surely they gain little from it at the moment other than that attention... Regards, Nick FitzGerald
Powered by blists - more mailing lists