Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Backdoor not recognized by Kaspersky

From: "Bernardo Quintero" <bernardo () hispasec com>
Date: Wed, 3 Mar 2004 13:48:07 +0100
It's Bagle/Beagle.J. The problem is that the file is password-protected, so it's not
obvious how a scanner will get it until it's opened. Notice that the e-mail includes the
password ("65316"). In fact Norton finds it when the ZIP is opened and the extracted
file hits the file system.


The problem is the antivirus installed in the perimeter, that does not
detect those samples. Exist some antivirus that detects the ZIP infected
without knowing the password:

Scan results
 File: TextDocument.zip
 Date: 03/03/2004 13:14:16
----
InoculateIT 4625/20040302 found nothing
NOD32 1.648/20040303 found [Win32/Bagle.gen.zip]
Kaspersky 3.0/20040303 found nothing
McAfee 4.2.60/20040302 found nothing
Norton 8.0/20040302 found nothing
Panda 7.02.00/20040303 found [W32/Bagle.pwdzip]
Sybari 7.50.1138/20040303 found nothing
TrendMicro 1.00/20040302 found nothing

Bernardo Quintero
bernardo () hispasec com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: