Open Source and information security mailing list archives
 
Message-ID: <413F0771.1853.80BD8449@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Re: Virus loading through ActiveX-Exploit

Feher Tamas wrote:

> ... server.exe
> file is
> TrojanSpy.Win32.Small.AZ (AVP)

Perhaps at the time or shortly before you posted this close to 12 
hours after the OP wrote his message, but when he wrote AVP/KAV did not 
detect it at all.  In fact, it was the only one of what I consider the 
"major" scanners to not detect the .EXE when, almost exactly two hours 
after the OP wrote his message, I had the file scanned by 20-odd 
scanners that (mostly) run up-to-the-minute (well, hour) 
research/beta/pre-release DEF/DAT/etc files...

Oh, and as for the name -- the unique names reported in that multi-
scanner test were:

   TR/Small.AZ.1
   W32/Chty.A@bd
   Uploader-S
   TrojanSpy.Win32.Small.AZ
   Backdoor.Trojan           [this one is a heuristic detection]
   Troj/Bizex-E
   Win32.Reign.Z

There was one more generic/heuristic detection but I'm not sure I can 
publicly discuss it, and as it has a rather distinctive reporting style 
for this type of thing, I've removed that entry from the list...


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

