Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Backdoor not recognized by Kaspersky
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Wed, 3 Mar 2004 11:58:31 -0500

The problem is the antivirus installed in the perimeter, that does not detect those
samples. Exist some antivirus that detects the ZIP infected without knowing the
password:

I'm sure more of these detect it by now. I suppose SOP for these scanners has been to
extract files from ZIPs and scan them, but they need a more complex procedure now. Is it
possible that portions of the encrypted ZIP are consistant enough regardless of the key
that they can identify it? If not, for this particular case they could hack at the ZIP
file and use the message body as a dictionary.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
larryseltzer () ziffdavis com 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]