Open Source and information security mailing list archives
Message-ID: <43B40619.8080405@heapoverflow.com>
Date: Thu Dec 29 15:52:20 2005
From: ad at heapoverflow.com (ad@...poverflow.com)
Subject: test this

Norton detects it under the corporate version as BloodHound.Exploit.56

http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.exploit.56.html

I guess you tried the Norton customer version, which doesn't get virus
definition updates every day; companies are more at risk than poor
customers, I guess.

Todd Towles wrote:
> Got a new test of it this morning? I am surprised Norton doesn't have it
> yet.
>
>  TrendMicro has released pattern file = 3.135.00
>
> It appears to pick up all the trojans using the WMF exploit as of right
> now. Variants could affect this however.
>
> Is this buffer overflow pretty specific like the older GIF exploit? If I
> remember correctly, there were really only two ways to make the GIF
> exploit work, so the detection was pretty solid. Is this exploit
> similar? Or does it have some trick point that could be used to fool
> known sigs?
>
> -Todd
>
>> -----Original Message-----
>> From: full-disclosure-bounces@...ts.grok.org.uk
>> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf
>> Of Thierry Zoller
>> Sent: Wednesday, December 28, 2005 5:24 PM
>> To: full-disclosure@...ts.grok.org.uk
>> Subject: Re[2]: [Full-disclosure] test this
>>
>> Dear List,
>>
>> VirusTotal on 12/29/2005 at 00:16:19 (CET) :
>> AntiVir 6.33.0.70       12.28.2005      TR/Dldr.WMF.Agent.D
>> Sophos  4.01.0          12.28.2005      Troj/DownLdr-NO
>> ClamAV  devel-20051108  12.29.2005      Exploit.WMF.A
>>
>> --
>> http://secdev.zoller.lu
>> Thierry Zoller
>> Fingerprint : 5D84 BFDC CD36 A951 2C45  2E57 28B3 75DD 0AC6 F1C7
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>


