Full Disclosure mailing list archives

Re: VX: Old worm in new shoes (AntiQFX)


From: "Paolo A. Gallenga" <paolo.gallenga () atlantica it>
Date: Fri, 25 Jun 2004 11:34:47 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Grisoft's AVG 6.0.71 DAT 466 23/06/2004 also detects it as Win32/Antiqfx.

Regards, Paolo

X iniT wrote:
| Hello all,
|
|
| The attached file seems to be a variant of AntiQFX
| worm.
|
| AntiQFX Worm masquerades as
| an old DOS utility "MSCDEX.EXE". Basically
| it spreads via shared networks and deletes a few
| files which belong to a couple of Photo Editing
| softwares.
| It's PE-Packed and has an anti-deletion routine.
|
| So you might be guessing what's the big deal!!
|
| Look closely and you'll see that I've attached this
| file using my Yahoo account. Which happens to be
| protected by NAV !!!
|
| The following link clearly states that NAV detects
| this worm since 2002 !!!
|
| http://securityresponse.symantec.com/avcenter/venc/data/w32.antiqfx.f.worm.html
|
| Same thing is with AVP, ClamV & F-Prot.
|
| Only Sophos detects this file as AntiQFX.F variant.
|
| So keep an eye friends, this incident has really
| made me have second thoughts about antivirus softwares
| and their reliability.
|
|
| Regards,
| X!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)

iD8DBQFA2/G2wreiUCR0oIoRApeDAKCttD8rFOsDhBviLahAEqhycmXR5wCgo+pD
mFTUPjPHzZcnaO/5zfJss+A=
=eAmZ
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

