RE: Multiple AV Vendor Incorrect CRC32 BypassVulnerability.

["Randall M" <randallm () fidmail com>]

> > > > > > > > > > > > > > > > > > > > > . 

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of bipin gautam
Sent: Thursday, March 10, 2005 5:00 AM
To: full-disclosure () lists grok org uk; vuln () secunia com
Subject: Re: [Full-disclosure] Multiple AV Vendor Incorrect CRC32
BypassVulnerability.


--- Frederic Charpentier <fcharpen () xmcopartners com>
wrote:
> Hi, I saw this behaviour last week with the virus "MyDoom.BE".
> I use the mail gateway with Clamav/Amavis. Clamav doesn't detect the 
> virus embeded in the zip file (with a crc broken).
> But, Trendmicro detects it.

That's strange, though i admit... i've shared this info with very few*
trusted security researchers, since past few months..... though i it find
VERY HARD to believe some, who had access to this info since past few month
were involved in creating, "MyDoom.BE" 
    (O;

Bipin
> > > > > > > > > > > > > > > > > > > > > .

I'm going take a guess that they haven't "lost faith in responsible
disclosure..." as you did per your public disclosure to the lists. If
someone leaked this I'm glad for that. The last thing I need this morning is
infected machines all over the place PLUS the "I can't find my folders" to
IT helpdesk.


RandallM

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/