Dailydave mailing list archives

Re: We got owned by the Chinese and didn't even get a "lessons learned"


From: Nicolas RUFF <nruff () security-labs org>
Date: Wed, 24 May 2006 17:13:49 +0200

So, I'm quite curious what kind of (mature) products we have today to
detect advanced malware on the Windows/x86-32 platform? Only please do not
mention hidden files, registry and process detectors (and do not even try
thinking about signature detectors)... Anybody? (This is not a
rhetorical question, I really am curious!)

Well, this is an interesting question indeed.
From the sample we got, there are 2 things to notice:

- The eggdrop part won't run if you do not have administrative rights on
your computer (because it is trying to create a "c:\~.exe" file).

- It won't run either if you have no "c:" drive on your computer (same
reason).

From my experience, those 2 security features may block more than 99.9%
of "DownloadToFile" viruses. So we are safe... for now!

Regards,
- Nicolas RUFF
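As an added example (not from Nicolas's post or the sample he describes), the admin-only drop location he mentions is also a detection opportunity: an executable written straight into a drive root such as `c:\~.exe` is rare for legitimate software and impossible for a non-privileged user. The Sysmon-style FileCreate records below are constructed for illustration, and the flattened `Key=Value` layout is an assumption, not a real log format.

```python
import re
from typing import Dict, List

# Constructed sample of Sysmon-style records (Event ID 11 = FileCreate, 1 = ProcessCreate),
# flattened to one "Key=Value" line each. Illustrative data, not real telemetry.
SAMPLE_EVENTS = [
    "EventID=11 User=CORP\\alice Image=C:\\Program Files\\Outlook\\outlook.exe TargetFilename=C:\\Users\\alice\\AppData\\Local\\Temp\\att.tmp",
    "EventID=11 User=NT AUTHORITY\\SYSTEM Image=C:\\Windows\\System32\\svchost.exe TargetFilename=C:\\Windows\\Temp\\update.exe",
    "EventID=11 User=CORP\\bob Image=C:\\Users\\bob\\Downloads\\invoice.exe TargetFilename=C:\\~.exe",
    "EventID=11 User=CORP\\alice Image=C:\\Windows\\explorer.exe TargetFilename=D:\\report.docx",
    "EventID=1 User=CORP\\bob Image=C:\\~.exe CommandLine=C:\\~.exe",
]

# A drive letter, the root backslash, then a single path component with an executable extension.
# Matches C:\~.exe but not C:\Windows\Temp\update.exe (one directory deeper).
ROOT_EXE = re.compile(r"^[A-Za-z]:\\[^\\]+\.(exe|dll|scr|com|bat|cmd)$", re.IGNORECASE)

# "Key=Value" pairs; a value runs until the next " Key=" so values may contain spaces.
FIELD = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")


def parse_event(line: str) -> Dict[str, str]:
    """Split one flattened record into a dict of its fields."""
    return {key: value for key, value in FIELD.findall(line)}


def is_root_exe_drop(event: Dict[str, str]) -> bool:
    """True for a FileCreate whose target is an executable directly under a drive root."""
    return event.get("EventID") == "11" and bool(ROOT_EXE.match(event.get("TargetFilename", "")))


def find_root_exe_drops(lines: List[str]) -> List[Dict[str, str]]:
    """Return the suspicious events with the user, the writing process and the dropped path."""
    hits = []
    for line in lines:
        event = parse_event(line)
        if is_root_exe_drop(event):
            hits.append({"user": event["User"], "image": event["Image"], "path": event["TargetFilename"]})
    return hits


if __name__ == "__main__":
    for hit in find_root_exe_drops(SAMPLE_EVENTS):
        print(f"[root exe drop] {hit['user']} via {hit['image']} -> {hit['path']}")
```

On the sample above only bob's download dropping `C:\~.exe` is reported; the same file name later appearing as the `Image` of a ProcessCreate event is the follow-up a responder would pivot to.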
