Security Basics mailing list archives

RE: Searching For Virus Info


From: "Mike" <mjcarter () ihug co nz>
Date: Wed, 26 Nov 2003 21:41:10 +1300

Hi Tom,
I have tried that but it doesn't work when searching in NAI by these
characteristics or variations..

------------------------------------------------
Hello my dear Mary,

I have been thinking about you all night. I would like to apologize for
the other night when we made beautiful love and did not use condoms. I
know this was a mistake and I beg you to forgive me.

I miss you more than anything, please call me Mary, I need you. Do you
remember when we were having wild sex in my house? I remember it all
like it was only yesterday. You said that the pictures would not come
out good, but you were very wrong, they are great. I didn't want to show
you the pictures at first, but now I think it's time for you to see
them. Please look in the attachment and you will see what I mean.

I love you with all my heart, James.
----------------------------------------------

And this is now a known trojan.
But I did notice that searching Symantec with "Hello my dear Mary" now
returns a good result: Backdoor.Sysbug which is AKA BackDoor-CAG,
Troj/Sysbug-A. Using that search at NAI returns nothing and using it at
Trend returns 500 results?? I don't have time to go through all that.

My wish is to be able to search by characteristics using criteria like msg
body, subject, ports used, reg changes, dropped files, whatever else you can
think of... etc etc etc without having to wade through pages of crap.

I guess what I'm asking for is a database of virus characteristics that
would probably need to be independent of av vendors because, after all, they
are in the business to make money.

I'm probably asking too much.

Regards

Mike






-----Original Message-----
From: Thomas F. Szabo [mailto:tszabo () diamondtech net]
Sent: Wednesday, November 26, 2003 9:56 AM
To: Mike; security-basics () securityfocus com
Subject: RE: Searching For Virus Info


Hi Mike,

Did you try the advanced search at NAI's site?
http://vil.nai.com/vil/advsearch.asp  It may not be perfect but it
should allow you to search by different characteristics.


Tom Szabo

-----Original Message-----
From: Mike [mailto:mjcarter () ihug co nz]
Sent: Tuesday, November 25, 2003 2:57 AM
To: security-basics () securityfocus com
Subject: Searching For Virus Info

Hi Everyone,
I've recently had to try and find a virus name by its characteristics and
was wondering if there is a service that does this.
The problem I have is that if I don't know or can't remember the virus name
but know the characteristics and I try to search a virus by "for instance"
the message body I can't find any info about it.

Is there a service I'm unaware of?

P.S. No, Google doesn't seem to work, it either pulls up too much info which
wastes too much time and often goes nowhere or nothing at all and I do know
how to use it.

Thanks
Mike


