Full Disclosure mailing list archives
Re: Backdoor not recognized by Kaspersky
From: "Bernardo Quintero" <bernardo () hispasec com>
Date: Wed, 3 Mar 2004 13:48:07 +0100
It's Bagle/Beagle.J. The problem is that the file is password-protected, so it's not obvious how a scanner will get it until it's opened. Notice that the e-mail includes the password ("65316"). In fact Norton finds it when the ZIP is opened and the extracted file hits the file system.
The problem is the antivirus installed in the perimeter, that does not detect those samples. Exist some antivirus that detects the ZIP infected without knowing the password: Scan results File: TextDocument.zip Date: 03/03/2004 13:14:16 ---- InoculateIT 4625/20040302 found nothing NOD32 1.648/20040303 found [Win32/Bagle.gen.zip] Kaspersky 3.0/20040303 found nothing McAfee 4.2.60/20040302 found nothing Norton 8.0/20040302 found nothing Panda 7.02.00/20040303 found [W32/Bagle.pwdzip] Sybari 7.50.1138/20040303 found nothing TrendMicro 1.00/20040302 found nothing Bernardo Quintero bernardo () hispasec com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Backdoor not recognized by Kaspersky Kristian Hermansen (Mar 03)
- Re: Backdoor not recognized by Kaspersky Frederik Berger (Mar 03)
- Re: Backdoor not recognized by Kaspersky Jarkko Turkulainen (Mar 03)
- RE: Backdoor not recognized by Kaspersky Mortis (Mar 03)
- RE: Backdoor not recognized by Kaspersky Larry Seltzer (Mar 03)
- Re: Backdoor not recognized by Kaspersky William Warren (Mar 03)
- Re: Backdoor not recognized by Kaspersky William Warren (Mar 03)
- Re: Backdoor not recognized by Kaspersky Bernardo Quintero (Mar 03)
- RE: Backdoor not recognized by Kaspersky Larry Seltzer (Mar 03)
- RE: Backdoor not recognized by Kaspersky ajrarn (Mar 03)
- RE: Backdoor not recognized by Kaspersky Oliver Schneider (Mar 03)
- RE: Backdoor not recognized by Kaspersky Paul Niranjan (Mar 03)
- Re: Backdoor not recognized by Kaspersky Mary Landesman (Mar 03)
- <Possible follow-ups>
- RE: Backdoor not recognized by Kaspersky Jyri.Tamminen (Mar 03)
- RE: Backdoor not recognized by Kaspersky David Kammering (Mar 03)
- Re: Backdoor not recognized by Kaspersky maarten (Mar 03)
- Re: Backdoor not recognized by Kaspersky Martin Mačok (Mar 03)
- Re: Backdoor not recognized by Kaspersky Nick FitzGerald (Mar 03)
- Re: Backdoor not recognized by Kaspersky maarten (Mar 03)