Full Disclosure mailing list archives
VX: Old worm in new shoes (AntiQFX)
From: X iniT <x1n1t () yahoo com>
Date: Fri, 25 Jun 2004 00:36:07 -0700 (PDT)
Hello all,

The attached file seems to be a variant of the AntiQFX worm. The AntiQFX worm masquerades as an old DOS utility, "MSCDEX.EXE". Basically, it spreads via shared networks and deletes a few files which belong to a couple of photo-editing software packages. It's PE-packed and has an anti-deletion routine.

So you might be guessing what's the big deal!! Look closely and you'll see that I've attached this file using my Yahoo account, which happens to be protected by NAV!!! The following link clearly states that NAV has detected this worm since 2002!!!

http://securityresponse.symantec.com/avcenter/venc/data/w32.antiqfx.f.worm.html

The same thing goes for AVP, ClamV & F-Prot. Only Sophos detects this file as the AntiQFX.F variant.

So keep an eye out, friends; this incident has really made me have second thoughts about antivirus software and its reliability.

Regards,
X!
Attachment:
MSCDEX.zip