Full Disclosure mailing list archives
Re: Virus on web site
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 03 Aug 2005 15:18:14 +1200
Johannes Schneider to Peter B. Harvey:
>> This virus at the time of my posting this is only detected by Kaspersky and I cannot find any detail on the virus. Came in the email as given below.
>>
>> URL for the virus http://www.alias-search.com/images/msits.exe
>>
>> Also found was the following url also the same virus http://www.alias-search.com/images/msitsa.exe
>>
>> Kaspersky detects it as msits.exe - infected by Backdoor.Win32.Haxdoor.dw
>>
>> Anyone with info on this virus?
>
> infos about msits.exe
> http://vic.zonelabs.com/tmpl/body/CA/virusDetails.jsp?VId=39520
Note that Kaspersky thought it was a "Haxdoor" variant. Most AV engines use that name for this family (except McAfee's BackDoor-BAC).

While the URL you refer to does mention msits.exe, it seems very unlikely on its face to be relevant to Peter's request. The msits.exe that was available from the URL Peter posted was approx 50KB (and FSG-packed at that) but the web page you offered refers to an msits.exe of a mere 6656 bytes, which is quite likely packed too, but it doesn't say. Mind you, there are several non-packed Win32 PE downloaders (and the msits.exe described at that ZL URL is a downloader) that weigh in at 4096 or fewer bytes...

Anyway, basic malware point -- filenames alone are not sufficiently diagnostic for something like what you did to _generally_ be helpful.

Regards,

Nick FitzGerald
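Added example, not part of the original post: a sketch of the comparison the reply makes, identifying a sample by content-derived attributes (size, hash, PE section layout, entropy as a packing hint) and checking them against what a write-up reports, with the filename never used as an input. The function names, the 51200-byte stand-in for the "approx 50KB" sample and the generated test blobs are all assumptions constructed for illustration.

```python
import hashlib, math, struct

def entropy(b: bytes) -> float:
    """Shannon entropy in bits per byte; values near 8 suggest packed or encrypted data."""
    if not b:
        return 0.0
    counts = [b.count(x) for x in set(b)]
    return -sum(c / len(b) * math.log2(c / len(b)) for c in counts)

def fingerprint(data: bytes) -> dict:
    """Content-derived identity of a sample. The filename is deliberately not an input."""
    fp = {"size": len(data), "sha256": hashlib.sha256(data).hexdigest(), "pe": False, "sections": []}
    try:
        if data[:2] != b"MZ":
            return fp
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            return fp
        (nsec,) = struct.unpack_from("<H", data, pe_off + 6)      # NumberOfSections
        (opt_size,) = struct.unpack_from("<H", data, pe_off + 20) # SizeOfOptionalHeader
        for i in range(nsec):
            off = pe_off + 24 + opt_size + 40 * i                 # 40-byte section headers
            raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
            name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
            fp["sections"].append((name, raw_size, round(entropy(data[raw_ptr:raw_ptr + raw_size]), 2)))
        fp["pe"] = True
    except struct.error:
        pass  # truncated headers: keep size and hash, report as not a valid PE
    return fp

def mismatches(fp: dict, reported: dict) -> list:
    """Attributes where a write-up's description disagrees with the sample in hand."""
    return [k for k, v in reported.items() if fp.get(k) != v]

def make_blob(total_size: int, seed: bytes) -> bytes:
    """Constructed, non-functional PE-shaped test input: headers plus one data section."""
    n = total_size - 0x80
    body = b"".join(hashlib.sha256(seed + i.to_bytes(4, "little")).digest() for i in range(n // 32 + 1))[:n]
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sec = b".data\0\0\0" + struct.pack("<IIII", n, 0x1000, n, 0x80) + b"\0" * 16
    return dos + coff + sec + body

if __name__ == "__main__":
    # Two constructed files that could both be saved as "msits.exe"
    in_hand = fingerprint(make_blob(51200, b"b"))   # stand-in for the "approx 50KB" sample
    print(in_hand["size"], in_hand["sections"], mismatches(in_hand, {"size": 6656}))
```

A non-empty result from `mismatches` means the write-up describes a different file, whatever name the two share.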