[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Backdoor not recognized by Kaspersky

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Backdoor not recognized by Kaspersky
From: Gregor Lawatscheck <gpel@xxxxxxxx>
Date: Wed, 03 Mar 2004 14:53:23 +0100

Suresh Ponnusami wrote:

Another variant against the Netsky virus. It's is packed with
UPX. It spreads with the password protected zip file, which
gets bypassed through all most all the AV scanners with
latest signature updates because No AV can decrypt it
without the password. (though password is in the message
content), we humans tend to open it after reading the message.

Kaspersky, NAI and possibly some other AV-vendors now parse the password from the body of the email to extract the zip and then scan it. Obviously this only helps if it can scan the complete email i.e. on the mailserver. They might need to adapt to new varitions of how the password is included in the body, which will take some analysis when new variants emerge.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Backdoor not recognized by Kaspersky
  - From: Cael Abal

References:
- Re: [Full-Disclosure] Backdoor not recognized by Kaspersky
  - From: Suresh Ponnusami

Prev by Date: Re: [Full-Disclosure] Backdoor not recognized by Kaspersky
Next by Date: Re: [Full-Disclosure] Backdoor not recognized by Kaspersky
Previous by thread: Re: [Full-Disclosure] Backdoor not recognized by Kaspersky
Next by thread: Re: [Full-Disclosure] Backdoor not recognized by Kaspersky
Index(es):
- Date
- Thread