Security Incidents mailing list archives
RE: New Virus?
From: "James C Slora Jr" <Jim.Slora () phra com>
Date: Tue, 16 Aug 2005 15:44:14 -0400
As I understand it, Google tries to reduce the effectiveness of malware downloaders that use Google to find their payloads, to reduce the effectiveness of vulnerability scan tools that search for and attack vulnerable web apps, and to reduce warez pub searching. Search for "(anything)(10 or more of certain characters such as spaces)(anything)" and Google returns the same message. So searches for any of the following will return the same 403 page: "woohoo.file .blah" "rogers.doc .exe" "blah deblahblah" "blah+++++++++++++++++++++++++++kupa" "test++++++++++++++++++++++" " " "+++++++++++++++++++" Searching for filenames with lots of white space is even less useful than other malware filename searches. And Google's 403 page does not indicate anything useful about this particular malware find.
Current thread:
- New Virus? Alex Arndt (Aug 15)
- Re: New Virus? Eduardo Vela (Aug 16)
- RE: New Virus? The AV Vendors respond (long post) Alex Arndt (Aug 16)
- RE: New Virus? James C Slora Jr (Aug 16)
- Re: New Virus? James Polley (Aug 18)
- RE: New Virus? James C Slora Jr (Aug 18)
- Re: New Virus? Eduardo Vela (Aug 19)
- Re: New Virus? James Polley (Aug 18)
- <Possible follow-ups>
- Re: New Virus? dave_mikesch (Aug 15)
- RE: New Virus? Ragnar Harper (Aug 15)
- RE: New Virus? Harlan Carvey (Aug 15)