lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <004a01c60be7$664a3cd0$b496c651@ddt2d2b883c4a1>
Date: Wed Dec 28 19:46:42 2005
From: valdis at antivirus.lv (Valdis Shkesters)
Subject: test this

This is a report processed by VirusTotal on 12/28/2005 at 20:38:41 (CET) 
after scanning the file "xpladv548.wmf.gz" file.

AntiVir - no virus found
Avast - Win32:Exdown
AVG - no virus found
Avira - no virus found
BitDefender - Exploit.Win32.WMF-PFV
CAT-QuickHeal - no virus found
ClamAV - no virus found
DrWeb - no virus found
eTrust-Iris - no virus found
eTrust-Vet - no virus found
Ewido - no virus found
Fortinet - W32/WMF-exploit
F-Prot - no virus found
Ikarus - no virus found
Kaspersky - Trojan-Downloader.Win32.Agent.acd
McAfee - Exploit-WMF
NOD32v2 - Win32/TrojanDownloader.Wmfex
Norman - no virus found
Panda - Exploit/Metafile
Sophos - no virus found
Symantec - no virus found
TheHacker - no virus found
UNA - no virus found
VBA32 - no virus found

http://www.virustotal.com

----- Original Message ----- 
From: "Peter Bruderer" <brudy@...derer-research.com>
To: "D B" <geggam692000@...oo.com>
Cc: <full-disclosure@...ts.grok.org.uk>
Sent: Wednesday, December 28, 2005 7:17 PM
Subject: Re: [Full-disclosure] test this


> Hi there
>
> Using a previous unknown hole in windows, an exploit was discovered
> which infects a PC with spyware and trojans. The PC is infected using a
> manipulated picture in the WMF format.
>
> Only Symantec found a trojan downloader. Another AV scanners found the
> downloaded code, but did not recognize the actual downloader.
>
> (http://www.heise.de/security/news/meldung/67794 for the german
> speeking)
>
> More info:
> http://www.f-secure.com/weblog/archives/archive-122005.html#00000752
> http://isc.sans.org/diary.php?storyid=972
>
> My scanners (McAfee, Kaspersky, Clam) did not find anything.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ