Message-ID: <20040625073607.66056.qmail@web60006.mail.yahoo.com>
From: x1n1t at yahoo.com (X iniT)
Subject: VX: Old worm in new shoes (AntiQFX)

Hello all,


The attached file seems to be a variant of the AntiQFX
worm.

The AntiQFX worm masquerades as
an old DOS utility, "MSCDEX.EXE". Basically, it
spreads via shared networks and deletes a few
files which belong to a couple of photo editing
software packages.
It's PE-packed and has an anti-deletion routine.

So you might be guessing what's the big deal!!

Look closely and you'll see that I've attached this
file using my Yahoo account, which happens to be
protected by NAV !!!

The following link clearly states that NAV has detected
this worm since 2002 !!!
http://securityresponse.symantec.com/avcenter/venc/data/w32.antiqfx.f.worm.html

The same thing goes for AVP, ClamV & F-Prot.

Only Sophos detects this file as an AntiQFX.F variant.

So keep an eye out, friends; this incident has really
made me have second thoughts about antivirus software
and its reliability.


Regards,
X!


		
-------------- next part --------------
A non-text attachment was scrubbed...
Name: MSCDEX.zip
Type: application/zip
Size: 95299 bytes
Desc: MSCDEX.zip
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040625/374a0222/MSCDEX.zip
