Re: [Full-Disclosure] Backdoor not recognized by Kaspersky
- To: "Larry Seltzer" <larry@xxxxxxxxxxxxxxxx>, "'Kristian Hermansen'" <khermansen@xxxxxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] Backdoor not recognized by Kaspersky
- From: "Bernardo Quintero" <bernardo@xxxxxxxxxxxx>
- Date: Wed, 3 Mar 2004 13:48:07 +0100
> It's Bagle/Beagle.J. The problem is that the file is password-protected, so it's not
> obvious how a scanner will get it until it's opened. Notice that the e-mail includes the
> password ("65316"). In fact Norton finds it when the ZIP is opened and the extracted
> file hits the file system.
The problem is the antivirus installed at the perimeter, which does not
detect those samples. There are some antivirus products that detect the
infected ZIP without knowing the password:
Scan results
File: TextDocument.zip
Date: 03/03/2004 13:14:16
----
InoculateIT 4625/20040302 found nothing
NOD32 1.648/20040303 found [Win32/Bagle.gen.zip]
Kaspersky 3.0/20040303 found nothing
McAfee 4.2.60/20040302 found nothing
Norton 8.0/20040302 found nothing
Panda 7.02.00/20040303 found [W32/Bagle.pwdzip]
Sybari 7.50.1138/20040303 found nothing
TrendMicro 1.00/20040302 found nothing
Bernardo Quintero
bernardo@xxxxxxxxxxxx
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
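
Added example, not part of the original message and not a description of how any product in the scan results works: in the traditional ZIP format, password protection encrypts only the file data, so entry names, sizes and the per-entry encryption flag stay readable, and a perimeter filter can apply policy without the password. The extension list, function names and sample archives below are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed policy list (not from the original post): extensions treated as executable.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
ENCRYPTED = 0x0001  # ZIP general-purpose flag bit 0: entry is encrypted


def inspect_zip(blob):
    """Return (name, size, encrypted, risky) per entry, read without any password."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return None  # not a parseable ZIP; leave it to other checks
    with archive:
        return [
            (i.filename, i.file_size, bool(i.flag_bits & ENCRYPTED),
             i.filename.lower().endswith(RISKY_EXT))
            for i in archive.infolist()
        ]


def should_quarantine(blob):
    """Policy: hold any archive with an encrypted entry that has an executable name."""
    entries = inspect_zip(blob)
    return bool(entries) and any(enc and risky for _, _, enc, risky in entries)


def make_sample(name, payload, encrypted):
    """Constructed sample: a stored ZIP whose encryption flag is set by patching
    the headers. The payload is placeholder bytes and is not actually encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:
        z.writestr(name, payload)
    data = bytearray(buf.getvalue())
    if encrypted:
        data[6] |= ENCRYPTED  # flag field of the local file header (offset 6)
        data[data.find(b"PK\x01\x02") + 8] |= ENCRYPTED  # central directory flag field
    return bytes(data)


if __name__ == "__main__":
    for label, blob in [
        ("encrypted + .exe", make_sample("document.exe", b"placeholder", True)),
        ("encrypted + .txt", make_sample("notes.txt", b"placeholder", True)),
        ("plain + .exe", make_sample("setup.exe", b"placeholder", False)),
    ]:
        print(label, inspect_zip(blob), "quarantine:", should_quarantine(blob))
```

A check like this flags the container by policy rather than identifying the malware inside it, so it complements signature scanning of the extracted file instead of replacing it.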