funsec mailing list archives
Re: CME: A Total Failure -- Throw in the Towel
From: Drsolly <drsollyp () drsolly com>
Date: Mon, 13 Mar 2006 14:26:08 +0000 (GMT)
On Sun, 12 Mar 2006, Blue Boar wrote:
> Drsolly wrote:
>> OK. My favourite antivirus scanner says that "This specimen resembles Yellow Wheelbarrow". Now what? I still don't know if it's CME-24 or not.
>
> Your scanner spits out the string "CME-24" somewhere next to "Yellow Wheelbarrow",

But it doesn't ...

> and/or you go to the CME site and type in "Win95.YellowWheelbarror@mm-wtfbbq", and it gives you back CME-24.

How do the CME people determine that what Wonder Antivirus calls Yellow Wheelbarrow, is identical to what they call CME-24?

> Or were you instead asking about something more complicated, related to partial matches, and the fact that one AV may identify two files as two things, probably in the same family, while a second scanner says they are the same thing?

That's part of it. Are there any products today that do exact identification by checksumming the static bytes of the malware?