Security Incidents mailing list archives

RE: New Virus?


From: "James C Slora Jr" <Jim.Slora () phra com>
Date: Tue, 16 Aug 2005 15:44:14 -0400

As I understand it, Google tries to reduce the effectiveness of malware
downloaders that use Google to find their payloads, to reduce the
effectiveness of vulnerability scan tools that search for and attack
vulnerable web apps, and to reduce warez pub searching.

Search for "(anything)(10 or more of certain characters such as
spaces)(anything)" and Google returns the same message.

So searches for any of the following will return the same 403 page:
"woohoo.file                      .blah"
"rogers.doc                      .exe"
"blah                      deblahblah"
"blah+++++++++++++++++++++++++++kupa"
"test++++++++++++++++++++++"
"                          "
"+++++++++++++++++++"

Searching for filenames with lots of white space is even less useful than
other malware filename searches. And Google's 403 page does not indicate
anything useful about this particular malware find.
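Padded names like the `rogers.doc                      .exe` string quoted above can be flagged directly at a mail or file gateway. This is an added example, not part of the original message: `inspect_filename`, `Verdict`, the extension list, and the reuse of the message's "10 or more" as a threshold are assumptions made for illustration.

```python
import re
from typing import NamedTuple
from urllib.parse import unquote_plus

PAD_RUN = 10  # assumption: threshold borrowed from the "10 or more" in the message
# Assumption: illustrative, not exhaustive, list of directly executable extensions.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs"}
_PAD = re.compile(r"\s{%d,}" % PAD_RUN)


class Verdict(NamedTuple):
    padded: bool      # name contains a whitespace run of PAD_RUN or more
    shown: str        # part a narrow filename column would display
    decoy_ext: str    # extension visible before the padding
    real_ext: str     # extension after the last dot of the full name
    suspicious: bool  # padding hides an executable extension


def _ext(name: str) -> str:
    """Lowercased text after the last dot, or "" when there is no dot."""
    _, dot, ext = name.rpartition(".")
    return ext.strip().lower() if dot else ""


def inspect_filename(name: str, url_encoded: bool = False) -> Verdict:
    """Hypothetical helper: flag names padded to hide their real extension."""
    if url_encoded:  # in a query string "+" stands for a space
        name = unquote_plus(name)
    m = _PAD.search(name)
    if m is None:
        return Verdict(False, name, _ext(name), _ext(name), False)
    shown = name[:m.start()]
    decoy, real = _ext(shown), _ext(name)
    hidden_exec = real in EXECUTABLE_EXTS and decoy != real
    return Verdict(True, shown, decoy, real, hidden_exec)


if __name__ == "__main__":
    # Constructed samples modelled on the strings quoted in the message.
    samples = [("rogers.doc" + " " * 22 + ".exe", False),
               ("woohoo.file" + " " * 22 + ".blah", False),
               ("blah" + "+" * 27 + "kupa", True),
               ("report.doc", False)]
    for raw, enc in samples:
        print(repr(raw[:16]), inspect_filename(raw, enc))
```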



