Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Full-disclosure] test this

from [Todd Towles] Network Security [Permanent Link]
Subject: RE: [Full-disclosure] test this
Date: Wed, 28 Dec 2005 16:39:54 -0600 
Trend Micro just released a Controlled Pattern File Release (CPR)
Pattern Update - 3.1.34.04

http://www.trendmicro.com/vinfo/

The current auto-update sig = 3.1.33.00

-Todd


-----Original Message-----
From: full-disclosure-bounces@lists.grok.org.uk 
[mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf 
Of Valdis Shkesters
Sent: Wednesday, December 28, 2005 1:46 PM
To: Peter Bruderer; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] test this

This is a report processed by VirusTotal on 12/28/2005 at 
20:38:41 (CET) after scanning the file "xpladv548.wmf.gz" file.

AntiVir - no virus found
Avast - Win32:Exdown
AVG - no virus found
Avira - no virus found
BitDefender - Exploit.Win32.WMF-PFV
CAT-QuickHeal - no virus found
ClamAV - no virus found
DrWeb - no virus found
eTrust-Iris - no virus found
eTrust-Vet - no virus found
Ewido - no virus found
Fortinet - W32/WMF-exploit
F-Prot - no virus found
Ikarus - no virus found
Kaspersky - Trojan-Downloader.Win32.Agent.acd McAfee - Exploit-WMF
NOD32v2 - Win32/TrojanDownloader.Wmfex
Norman - no virus found
Panda - Exploit/Metafile
Sophos - no virus found
Symantec - no virus found
TheHacker - no virus found
UNA - no virus found
VBA32 - no virus found

http://www.virustotal.com

----- Original Message -----
From: "Peter Bruderer" <brudy@bruderer-research.com>
To: "D B" <geggam692000@yahoo.com>
Cc: <full-disclosure@lists.grok.org.uk>
Sent: Wednesday, December 28, 2005 7:17 PM
Subject: Re: [Full-disclosure] test this



Hi there

Using a previous unknown hole in windows, an exploit was discovered
which infects a PC with spyware and trojans. The PC is 

infected using a

manipulated picture in the WMF format.

Only Symantec found a trojan downloader. Another AV 

scanners found the

downloaded code, but did not recognize the actual downloader.

(http://www.heise.de/security/news/meldung/67794 for the german
speeking)

More info:
http://www.f-secure.com/weblog/archives/archive-122005.html#00000752
http://isc.sans.org/diary.php?storyid=972

My scanners (McAfee, Kaspersky, Clam) did not find anything.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] Someone wasted a nice bug on spyware..., ad@heapoverflow.com
Next by Date:  Re[2]: [Full-disclosure] test this, Thierry Zoller
Previous by Thread:  Re[2]: [Full-disclosure] test this, Thierry Zoller
Next by Thread:  RE: Re[2]: [Full-disclosure] test this, Todd Towles
Indexes:  [Date] [Thread] [Top] [All Lists]