Re: Wireshark and TeslaCrypt

[Graham Bloice <graham.bloice () trihedral com>]

On 3 March 2016 at 17:50, Rich Rauenzahn <rrauenza () gmail com> wrote:

> Hi,
>
> I downloaded Wireshark a month or more ago to our Windows computer,
> but I think I didn't install it -- I think I had an older version
> already installed, and so left it as is in my Download folder.
>
> This morning Malwarebytes detected the Wireshark installer (I believe
> its the installer -- I'm getting this 2nd hand from home) as
> containing TeslaCrypt.  (I've also downloaded the latest WireShark
> installer here at work as well and it passes the scan.)
>
> I think the binary was removed, not quarantined, but I'll check in
> more detail when I get home this evening.  If I can find the actual
> binary, I could submit it to Malwarebytes for false positive
> verification.
>
> I suspect its a false positive, but it seems important enough that I
> ought to query here.  Is it possible that Wireshark has TeslaCrypt
> signatures embedded in it for its own TeslaCrypt traffic detection?
>
> Rich
Likely to be another false positive, see the wiki page here for more info:
https://wiki.wireshark.org/FalsePositives

Wireshark, to my knowledge, doesn't have dissectors for malware so is
unlikely to have their signatures in the binaries.

-- 
Graham Bloice

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe