Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Backdoor not recognized by Kaspersky
From: Gregor Lawatscheck <gpel () mpex net>
Date: Wed, 03 Mar 2004 14:53:23 +0100

Suresh Ponnusami wrote:

Another variant against the Netsky virus. It's is packed with
UPX. It spreads with the password protected zip file, which
gets bypassed through all most all the AV scanners with
latest signature updates because No AV can decrypt it
without the password. (though password is in the message
content), we humans tend to open it after reading the message.

Kaspersky, NAI and possibly some other AV-vendors now parse the password from the body of the email to extract the zip and then scan it. Obviously this only helps if it can scan the complete email i.e. on the mailserver. They might need to adapt to new varitions of how the password is included in the body, which will take some analysis when new variants emerge.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]