Full Disclosure mailing list archives
Re: test this
From: "Valdis Shkesters" <valdis () antivirus lv>
Date: Wed, 28 Dec 2005 21:46:29 +0200
This is a report processed by VirusTotal on 12/28/2005 at 20:38:41 (CET) after scanning the file "xpladv548.wmf.gz" file.
AntiVir - no virus found
Avast - Win32:Exdown
AVG - no virus found
Avira - no virus found
BitDefender - Exploit.Win32.WMF-PFV
CAT-QuickHeal - no virus found
ClamAV - no virus found
DrWeb - no virus found
eTrust-Iris - no virus found
eTrust-Vet - no virus found
Ewido - no virus found
Fortinet - W32/WMF-exploit
F-Prot - no virus found
Ikarus - no virus found
Kaspersky - Trojan-Downloader.Win32.Agent.acd
McAfee - Exploit-WMF
NOD32v2 - Win32/TrojanDownloader.Wmfex
Norman - no virus found
Panda - Exploit/Metafile
Sophos - no virus found
Symantec - no virus found
TheHacker - no virus found
UNA - no virus found
VBA32 - no virus found

http://www.virustotal.com

----- Original Message -----
From: "Peter Bruderer" <brudy () bruderer-research com>
To: "D B" <geggam692000 () yahoo com>
Cc: <full-disclosure () lists grok org uk>
Sent: Wednesday, December 28, 2005 7:17 PM
Subject: Re: [Full-disclosure] test this
Hi there

Using a previously unknown hole in Windows, an exploit was discovered which infects a PC with spyware and trojans. The PC is infected using a manipulated picture in the WMF format. Only Symantec found a trojan downloader. Other AV scanners found the downloaded code, but did not recognize the actual downloader. (http://www.heise.de/security/news/meldung/67794 for the German speaking)

More info:
http://www.f-secure.com/weblog/archives/archive-122005.html#00000752
http://isc.sans.org/diary.php?storyid=972

My scanners (McAfee, Kaspersky, Clam) did not find anything.