Full Disclosure mailing list archives
Re: Re: Virus loading through ActiveX-Exploit
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 08 Sep 2004 13:21:53 +1200
Feher Tamas wrote:
> ... server.exe file is TrojanSpy.Win32.Small.AZ (AVP)

Perhaps at the time or shortly before you posted this, close to 12 hours after the OP wrote his message, but when he wrote, AVP/KAV did not detect it at all. In fact, it was the only one of what I consider the "major" scanners to not detect the .EXE when, almost exactly two hours after the OP wrote his message, I had the file scanned by 20-odd scanners that (mostly) run up-to-the-minute (well, hour) research/beta/pre-release DEF/DAT/etc files...

Oh, and as for the name -- the unique names reported in that multi-scanner test were:

   TR/Small.AZ.1
   W32/Chty.A@bd
   Uploader-S
   TrojanSpy.Win32.Small.AZ
   Backdoor.Trojan [this one is a heuristic detection]
   Troj/Bizex-E
   Win32.Reign.Z

There was one more generic/heuristic detection but I'm not sure I can publicly discuss it, and as it has a rather distinctive reporting style for this type of thing, I've removed that entry from the list...

-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html