lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: nick at (Nick FitzGerald)
Subject: Backdoor not recognized by Kaspersky

"Schmehl, Paul L" <> wrote:

> McAfee now detects the password protected zip files.  (There are other
> things you can look for besides trying to decrypt the contents of the
> zip filel  Also, zip passwords are weak and easily broken anyway.)

Though cracking is not, I believe, how it is done.  Knowing the limited 
character set and length of passwords used would make cracking 
relatively easy, but perhaps still in the order of an average of 
several to tens of minutes per Bagle-encrypted .ZIP.  I doubt many mail 
servers/content gateways could tolerate that level of additional CPU 

I'd be very surprised if the "detection" of Bagle encrypted .ZIPs 
implemented by NAI (and others) is not prone to false-positive (at 
least if they insist on labelling the things they find as "Bagle") but 
it is likely to remain as a useful heuristic.

> BTW, there is a war going on right now between three virus groups, so
> you will continue to see new variants of Bagle, Netsky and Mydoom for
> the foreseeable future.  Should be a very interesting month.

Well, if everyone (especailly the media and the AV web pages) stopped 
paying these pathetic puppies' "war" the attention it has been getting, 
I suspect that they may quickly tire of the fight, as surely they gain 
little from it at the moment other than that attention...


Nick FitzGerald

Powered by blists - more mailing lists