Message-ID: <42F0E036.24960.682C0C40@localhost>
Date: Wed Aug  3 04:18:46 2005
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Virus on web site

Johannes Schneider to Peter B. Harvey:

> > This virus at the time of my posting this is only detected by
> > Kasperski and I cannot find any detail on the virus. Came in the
> > email as given below.
> > 
> > URL for the virus http://www.alias-search.com/images/msits.exe
> > Also found was the following url also the same virus
> > http://www.alias-search.com/images/msitsa.exe
> > 
> > Kasperski detects it as  msits.exe - infected by
> > Backdoor.Win32.Haxdoor.dw
> > 
> > Anyone with info on this virus?
> 
> infos about msits.exe
> http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=39520

Note that Kaspersky thought it was a "Haxdoor" variant.  Most AV 
engines use that name for this family (except McAfee's BackDoor-BAC).

While the URL you refer to does mention msits.exe, it seems very 
unlikely on its face to be relevant to Peter's request.  The msits.exe 
that was available from the URL Peter posted was approx 50KB (and FSG-
packed at that) but the web page you offered refers to an msits.exe of 
a mere 6656 bytes, which is quite likely packed too, but it doesn't 
say.  Mind you, there are several non-packed Win32 PE downloaders (and 
the msits.exe described at that ZL URL is a downloader) that weigh in 
at 4096 or fewer bytes...

Anyway, basic malware point -- filenames alone are not sufficiently 
diagnostic for something like what you did to _generally_ be helpful.


Regards,

Nick FitzGerald
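The point raised above is that a filename such as msits.exe identifies nothing by itself, and that size and packing are what actually let two reports be compared. The following is an added example (not code from the thread or from any vendor) of how a defender would record a sample's identity instead: content hash, size, whether it is a Win32 PE at all, and a Shannon-entropy heuristic for "probably packed". The two samples are constructed byte blobs, not real malware; the 7.0 entropy threshold and the filenames passed in are assumptions for illustration.

```python
import hashlib
import math
import struct


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; uniformly random data approaches 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def is_pe(data: bytes) -> bool:
    """True if data carries a DOS 'MZ' stub and a 'PE\\0\\0' signature at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def triage(reported_name: str, data: bytes) -> dict:
    """Identity record for a sample; the name is kept only as metadata."""
    entropy = shannon_entropy(data)
    return {
        "reported_name": reported_name,
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "is_pe": is_pe(data),
        "entropy": round(entropy, 2),
        # Assumed heuristic: packed/compressed executables usually sit above 7.0
        "likely_packed": entropy > 7.0,
    }


def same_sample(a: dict, b: dict) -> bool:
    """Two reports describe the same file only if the content hashes match."""
    return a["sha256"] == b["sha256"]


def _fake_pe(payload: bytes) -> bytes:
    """Constructed minimal PE-shaped blob for the example (not an executable)."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)  # e_lfanew -> right after the stub
    return bytes(header) + b"PE\0\0" + payload


# Constructed samples: a low-entropy (unpacked-looking) blob and a high-entropy one
SAMPLE_A = _fake_pe(b"\x00" * 2000)
SAMPLE_B = _fake_pe(bytes(range(256)) * 8)

if __name__ == "__main__":
    # Same bytes under two names are one sample; same name with different bytes is not
    a1 = triage("msits.exe", SAMPLE_A)
    a2 = triage("msitsa.exe", SAMPLE_A)
    b1 = triage("msits.exe", SAMPLE_B)
    print(a1, a2, b1, sep="\n")
    print("a1 == a2:", same_sample(a1, a2), " a1 == b1:", same_sample(a1, b1))
```

When filing or comparing a report, quote the `sha256` and `size` fields rather than the name; a 50KB FSG-packed file and a 6656-byte downloader that both happen to be called msits.exe will never match on the hash, which is exactly the distinction the reply above is drawing.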
