Full Disclosure mailing list archives
Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You"
From: Joxean Koret <joxeankoret () yahoo es>
Date: Thu, 4 May 2006 13:22:29 +0200 (CEST)
Hi to all! Trying with a friend the latest Panda Antivirus we have been found that is unable to detect the old "I Love You" virus by simply changing the name of one variable. Attached goes a working "I Love You" virus in which I changed ONLY the variable "dirsystem" with the name "kk2" (The file attached have the extension ".txt.gz", otherwise, with the .vbs extension the file will be locked by all the most populars anti-viral toolkits). If you sends it to an e-mail server that uses the Panda True-Prevent this will not found any virus. It will be "quarantined" if you send with the extension ".vbs", obviously, but will not detect it as a virus. Panda Antivirus Client-Shield will not found nothing. It's supposed that Panda TruePrevent and ClamAV should detect the strings that found in the contents of the file and should detect it as a virus. I found, also, that Norton Antivirus 2005 is unable to detect it. You can download any old virus that you want, rename one variable and you will have a "0 day virus". Wow! That's fun! NOTE: ClamAV (ClamAV 0.88.2/1439) detect's it. Disclaimer: ~~~~~~~~~~~ The information in this advisory and any of its demonstrations is provided "as is" without any warranty of any kind. I am not liable for any direct or indirect damages caused as a result of using the information or demonstrations provided in any part of this advisory. --------------------------------------------------------------------------- Contact: ~~~~~~~~ Joxean Koret at joxeanpiti<<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es ______________________________________________ LLama Gratis a cualquier PC del Mundo. Llamadas a fijos y móviles desde 1 céntimo por minuto. http://es.voice.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You" Joxean Koret (May 04)
- <Possible follow-ups>
- RE: Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You" Joxean Koret (May 04)
- Re: RE: Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You" Thiago H. Pojda (May 04)
- RE: Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You" Peter van den Houten (May 04)
- Re: RE: Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You" <...> (May 04)
- Re: RE: Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You" Thiago H. Pojda (May 04)
- Re: RE: Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You" Niklas (May 05)
- RE: RE: Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You" Debasis Mohanty (May 07)
- RE: Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You" Joxean Koret (May 04)
- Re: Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You" Joxean Koret (May 06)