Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Undetectable Virus from CANADA ISP 69.197.83.68
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 23 Oct 2004 23:40:11 +1300

Andrew Smith to Farrukh Hussain:

   Today I got e-mail from "69.197.83.68" CANADA ISP which has undetectable
virus.

This just means that you or your A/V hasn't updated their virus
definitions. Try multiple A/V programs, this will cover a wider range
of 'viruses'.

_OR_ it means Farrukh was depending on an unreliable or outdated virus 
scanner.

Scanned with 21 different scanners a few hours after the message was 
posted and 20 of them detected it.  This was not due to some recent (as 
in the preceding few hours) rush of updates -- most web descriptions 
agree that the virus they detected was first seen very late in July, 
with a second variant a few days later, early in August.

That result _includes_ the same scanner (by name) that Hotmail 
reputedly uses, but then, Hotmail failing to reliably keep its scanner 
up to date, and/or the supplier of said scanner failing to provide 
reliable updates to Hotmail are not exactly news, and it has been long 
suspected that Hotmail's virus scanning is designed to "fail open" 
(i.e. pass on Email that has not been scanned but report it as if it 
has been scanned and found "not infected").

In short, this virus has been widely detected since late July/early 
August by almost all "Western" virus detection engines, so the OP's 
report and concerns would seem more than a tad misdirected...


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]