lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060504112229.50092.qmail@web25904.mail.ukl.yahoo.com>
Date: Thu May  4 12:22:37 2006
From: joxeankoret at yahoo.es (Joxean Koret)
Subject: Panda Antivirus Enterprise Secure,
	Norton Antivirus 2005 and the virus "I Love You"

Hi to all!

Trying with a friend the latest Panda Antivirus we
have been found that is unable to detect the old "I
Love You" virus by simply changing the name of one
variable.

Attached goes a working "I Love You" virus in which I
changed ONLY the variable "dirsystem" with the name 
"kk2" (The file attached have the extension ".txt.gz",
otherwise, with the .vbs extension the file will be
locked by all the most populars anti-viral toolkits).

If you sends it to an e-mail server that uses the
Panda True-Prevent this will not found any virus. It
will be "quarantined" if you send with the extension
".vbs", obviously, but will not detect it as a virus.

Panda Antivirus Client-Shield will not found nothing.

It's supposed that Panda TruePrevent and ClamAV should
detect the strings that found in the contents of the
file and should detect it as a virus.

I found, also, that Norton Antivirus 2005 is unable to
detect it.

You can download any old virus that you want, rename
one variable and you will have a "0 day virus". 

Wow! That's fun!

NOTE: ClamAV (ClamAV 0.88.2/1439) detect's it.

Disclaimer:
~~~~~~~~~~~

The information in this advisory and any of its 
demonstrations is provided "as is" without any
warranty of any kind.

I am not liable for any direct or indirect damages
caused as a result of using the information or
demonstrations provided in any part of this advisory. 

---------------------------------------------------------------------------

Contact:
~~~~~~~~

	Joxean Koret at joxeanpiti<<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es


		
______________________________________________ 
LLama Gratis a cualquier PC del Mundo. 
Llamadas a fijos y m?viles desde 1 c?ntimo por minuto. 
http://es.voice.yahoo.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ