Full Disclosure mailing list archives

Re: Virus / Trojan


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 10 Jan 2004 13:23:39 +1300

"Otero, Hernan (EDS)" <HOtero () lanchile cl> wrote:

Today found this suspicious file attached to an email, obviously is a virus
(our AV don't detect it :-( ). The virus/trojan is very simple, the
developer only put effort in obfuscate the strings inside the binary.

If you suspect it is a virus, why in heck post a sample to a public 
mailing list?

If you suspect something is a new virus or other malware and your AV 
does not detect, for pity's sake send a sample of it to your AV 
developer.  Better yet, send a sample to several AV developers you 
trust to analyse it properly and report back to you, but whatever else 
you do, do not send copies of it to thousands upon thousands of unknown 
folk.  Fortunately the mail service you sent this from uses an AV that 
was updated for detecting this malware than the service where you 
received it (or, if the same service, the required update arrived in 
the interim between initial receipt and re-sending) and the file was 
detached from your message...


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

