lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <40DBF1B7.7010505@atlantica.it>
From: paolo.gallenga at atlantica.it (Paolo A. Gallenga)
Subject: VX: Old worm in new shoes (AntiQFX)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Grisoft's AVG 6.0.71 DAT 466 23/06/2004 also detects it as Win32/Antiqfx.

Regards, Paolo

X iniT wrote:
| Hello all,
|
|
| The attached file seems to be a variant of AntiQFX
| worm.
|
| AntiQFX Worm masquerades as
| an old dos utilitly "MSCDEX.EXE". Basically
| spreads via shared networks and delets a few
| files which belong to a couple of Photo Editting
| softwares.
| Its PE-Packed and has an anti-deletion routine.
|
| So you might be guessing whats the big deal!!
|
| Look closely and you'll see that i've attached this
| file using my yahoo account. Which happens to be
| protected by NAV !!!
|
| The following link clearly states that NAV detects
| this worm since 2002 !!!
|
http://securityresponse.symantec.com/avcenter/venc/data/w32.antiqfx.f.worm.html
|
| Same thing is with AVP, ClamV & F-Prot.
|
| Only Sophos detects this file as AntiQFX.F variant.
|
| So keep an eye friends, this incident has really
| made me have second thoughts about antivirus softwares
| and their reliability.
|
|
| Regards,
| X!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)

iD8DBQFA2/G2wreiUCR0oIoRApeDAKCttD8rFOsDhBviLahAEqhycmXR5wCgo+pD
mFTUPjPHzZcnaO/5zfJss+A=
=eAmZ
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ