Full Disclosure mailing list archives

Re: Re: Virus loading through ActiveX-Exploit
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 08 Sep 2004 13:21:53 +1200

Feher Tamas wrote:

> ... server.exe file is
> TrojanSpy.Win32.Small.AZ (AVP)

Perhaps at the time or shortly before you posted this close to 12 
hours after the OP wrote his message, but when he wrote AVP/KAV did not 
detect it at all.  In fact, it was the only one of what I consider the 
"major" scanners to not detect the .EXE when, almost exactly two hours 
after the OP wrote his message, I had the file scanned by 20-odd 
scanners that (mostly) run up-to-the-minute (well, hour) 
research/beta/pre-release DEF/DAT/etc files...

Oh, and as for the name -- the unique names reported in that multi-
scanner test were:

   TR/Small.AZ.1
   W32/Chty.A@bd
   Uploader-S
   TrojanSpy.Win32.Small.AZ
   Backdoor.Trojan           [this one is a heuristic detection]
   Troj/Bizex-E
   Win32.Reign.Z

There was one more generic/heuristic detection but I'm not sure I can 
publicly discuss it, and as it has a rather distinctive reporting style 
for this type of thing, I've removed that entry from the list...


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

