Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: Backdoor not recognized by Kaspersky
From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Wed, 3 Mar 2004 10:22:01 -0600

-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
Suresh Ponnusami
Sent: Wednesday, March 03, 2004 5:16 AM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Backdoor not recognized by Kaspersky

Another variant against the Netsky virus. It's is packed with 
UPX. It spreads with the password protected zip file, which 
gets bypassed through all most all the AV scanners with 
latest signature updates because No AV can decrypt it without 
the password. (though password is in the message content), we 
humans tend to open it after reading the message.

McAfee now detects the password protected zip files.  (There are other
things you can look for besides trying to decrypt the contents of the
zip filel  Also, zip passwords are weak and easily broken anyway.)

BTW, there is a war going on right now between three virus groups, so
you will continue to see new variants of Bagle, Netsky and Mydoom for
the foreseeable future.  Should be a very interesting month.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]