Full Disclosure mailing list archives
Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You"
From: Joxean Koret <joxeankoret () yahoo es>
Date: Thu, 4 May 2006 13:22:29 +0200 (CEST)
Hi to all!
Trying with a friend the latest Panda Antivirus we
have been found that is unable to detect the old "I
Love You" virus by simply changing the name of one
variable.
Attached goes a working "I Love You" virus in which I
changed ONLY the variable "dirsystem" with the name
"kk2" (The file attached have the extension ".txt.gz",
otherwise, with the .vbs extension the file will be
locked by all the most populars anti-viral toolkits).
If you sends it to an e-mail server that uses the
Panda True-Prevent this will not found any virus. It
will be "quarantined" if you send with the extension
".vbs", obviously, but will not detect it as a virus.
Panda Antivirus Client-Shield will not found nothing.
It's supposed that Panda TruePrevent and ClamAV should
detect the strings that found in the contents of the
file and should detect it as a virus.
I found, also, that Norton Antivirus 2005 is unable to
detect it.
You can download any old virus that you want, rename
one variable and you will have a "0 day virus".
Wow! That's fun!
NOTE: ClamAV (ClamAV 0.88.2/1439) detect's it.
Disclaimer:
~~~~~~~~~~~
The information in this advisory and any of its
demonstrations is provided "as is" without any
warranty of any kind.
I am not liable for any direct or indirect damages
caused as a result of using the information or
demonstrations provided in any part of this advisory.
---------------------------------------------------------------------------
Contact:
~~~~~~~~
Joxean Koret at joxeanpiti<<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es
______________________________________________
LLama Gratis a cualquier PC del Mundo.
Llamadas a fijos y móviles desde 1 céntimo por minuto.
http://es.voice.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You" Joxean Koret (May 04)
- <Possible follow-ups>
- RE: Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You" Joxean Koret (May 04)
- Re: RE: Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You" Thiago H. Pojda (May 04)
- RE: Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You" Peter van den Houten (May 04)
- Re: RE: Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You" <...> (May 04)
- Re: RE: Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You" Thiago H. Pojda (May 04)
- Re: RE: Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You" Niklas (May 05)
- RE: RE: Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You" Debasis Mohanty (May 07)
- RE: Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You" Joxean Koret (May 04)
- Re: Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You" Joxean Koret (May 06)