Re: Backdoor not recognized by Kaspersky
From: "Suresh Ponnusami" <surya@nsecure.net>
Date: Wed, 3 Mar 2004 16:45:35 +0530
Another variant against the Netsky virus. It is packed with
UPX. It spreads with a password-protected zip file, which
bypasses almost all the AV scanners even with the
latest signature updates, because no AV can decrypt it
without the password (though the password is in the message
content, and we humans tend to open it after reading the message).
OK, the analysis of the virus:
* Known as Beagle.H and another variant is Beagle.I
* McAfee identifies it as W32/Bagle.gen@MM
* Packed with UPX
* Contains in-built smtp server
* Creates Authentic Looking Smart Messages which might
_trick_ most people to execute the content.
(But when will users get the knowledge about security??)
* Random zip password generation (all the passwords are
* Contains "'Hey, NetSky, f**k off you b*t*h, don''t ruine our
bussiness, wanna start a war?'
* Connects and downloads the password protected zip from
http://postertog.de/scr.php or http://www.gfotxt.net/scr.php
or from http://www.maiklibis.de/scr.php or from http://188.8.131.52/
All the hosts were down at the time of this mail.
* Does not contain any dangerous payload and performs other
common virus thingies.
* Auto starts via SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Update your AV to the latest signatures. Do not open anything
that does not make any sense to you. Even if it is from any known
person. Especially when the zip contains files with .pif, .scr, .exe,
.com extensions and any other executable attachments.
Information Security Consultant,
nSecure Software (P) Ltd.
----- Original Message -----
From: "Kristian Hermansen" <khermansen@ht-technology.com>
To: <full-disclosure@lists.netsys.com>
Sent: Wednesday, 03 March, 2004 04:04 AM
Subject: [Full-disclosure] Backdoor not recognized by Kaspersky
Attached backdoor not recognized by Kaspersky or Norton 2004? I received
this file recently, but Kaspersky did not detect malicious code.
Full-Disclosure - We believe in it.
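As an added example that is not part of the original post or of the thread: a Python check that a mail gateway or an analyst could run over a zip attachment. It reads only the archive's central directory, so it needs neither the password nor any extraction, and it flags exactly the combination the post describes: an encrypted entry that carries an executable extension (.pif, .scr, .exe, .com), optionally disguised behind a double extension. The `make_zip` helper builds constructed test archives in memory by setting the encryption flag bit by hand; the extensions beyond the four named in the post are an assumption added here.

```python
import io
import posixpath
import struct
import zipfile
from dataclasses import dataclass, field

# Extensions named in the post (.pif, .scr, .exe, .com) plus a few other
# Windows executable/script types; the extras are an assumption, not from the post.
EXECUTABLE_EXTS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs"}


@dataclass
class ZipVerdict:
    level: str                      # "allow", "review" or "block"
    reasons: list = field(default_factory=list)
    members: list = field(default_factory=list)


def inspect_zip_attachment(data: bytes) -> ZipVerdict:
    """Classify a zip attachment from its central directory alone.

    No member is decompressed or decrypted, so the check works on a
    password-protected archive exactly where a content scanner cannot.
    """
    reasons, members = [], []
    try:
        infos = zipfile.ZipFile(io.BytesIO(data)).infolist()
    except zipfile.BadZipFile:
        return ZipVerdict("review", ["attachment is not a valid zip archive"])

    any_encrypted = any_executable = False
    for info in infos:
        name = info.filename
        members.append(name)
        # General-purpose flag bit 0 marks a traditionally encrypted entry.
        encrypted = bool(info.flag_bits & 0x1)
        stem, ext = posixpath.splitext(name.lower())
        inner_ext = posixpath.splitext(stem)[1]
        if encrypted:
            any_encrypted = True
            reasons.append(f"{name}: encrypted entry, content cannot be scanned")
        if ext in EXECUTABLE_EXTS:
            any_executable = True
            reasons.append(f"{name}: executable extension {ext}")
            if inner_ext:  # e.g. photo.jpg.pif, a disguise for the real type
                reasons.append(f"{name}: double extension hides executable type")

    if any_encrypted and any_executable:
        level = "block"
    elif any_encrypted or any_executable:
        level = "review"
    else:
        level = "allow"
    return ZipVerdict(level, reasons, members)


def make_zip(filename: str, content: bytes, encrypted: bool = False) -> bytes:
    """Build a one-member test archive in memory (constructed sample data).

    zipfile cannot write encrypted archives, so for the encrypted case the
    encryption flag bit is set by hand in the local header (flags at offset 6)
    and in the central directory entry (flags at offset 8 after its signature);
    the stored bytes stay plaintext, which is enough to exercise the check.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(filename, content)
    data = bytearray(buf.getvalue())
    if encrypted:
        for off in (6, data.find(b"PK\x01\x02") + 8):
            flags, = struct.unpack_from("<H", data, off)
            struct.pack_into("<H", data, off, flags | 0x1)
    return bytes(data)


if __name__ == "__main__":
    samples = {
        "report.txt": make_zip("report.txt", b"quarterly numbers"),
        "setup.exe": make_zip("setup.exe", b"MZ..."),
        "photo.jpg.pif (encrypted)": make_zip("photo.jpg.pif", b"MZ...", encrypted=True),
    }
    for label, blob in samples.items():
        verdict = inspect_zip_attachment(blob)
        print(f"{label}: {verdict.level} {verdict.reasons}")
```

The three-level verdict reflects the post's advice: an executable member alone or an encrypted archive alone is worth a human look, while the two together are the Bagle pattern and can be blocked at the gateway without ever needing the password that the message body invites the reader to type.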