[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Backdoor not recognized by Kaspersky

To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] Backdoor not recognized by Kaspersky
From: "Larry Seltzer" <larry@xxxxxxxxxxxxxxxx>
Date: Wed, 3 Mar 2004 11:58:31 -0500

>>The problem is the antivirus installed in the perimeter, that does not detect 
>>those
samples. Exist some antivirus that detects the ZIP infected without knowing the
password:

I'm sure more of these detect it by now. I suppose SOP for these scanners has 
been to
extract files from ZIPs and scan them, but they need a more complex procedure 
now. Is it
possible that portions of the encrypted ZIP are consistant enough regardless of 
the key
that they can identify it? If not, for this particular case they could hack at 
the ZIP
file and use the message body as a dictionary.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
larryseltzer@xxxxxxxxxxxxx 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] Backdoor not recognized by Kaspersky
  - From: Bernardo Quintero

Prev by Date: Re: [Full-Disclosure] Backdoor not recognized by Kaspersky
Next by Date: RE: [Full-Disclosure] Backdoor not recognized by Kaspersky
Previous by thread: Re: [Full-Disclosure] Backdoor not recognized by Kaspersky
Next by thread: RE: [Full-Disclosure] Backdoor not recognized by Kaspersky
Index(es):
- Date
- Thread