Re: win2kup2date.exe ?

[Nick FitzGerald <nick () virus-l demon co uk>]

Über GuidoZ wrote:

> ...  If you want to email me a copy of it, I'll
> rip it apart and see what can be seen.

And world plus dog should entrust you with such material because???

> P.S. Send it to [...] - it's my "catch all" for
> virus/unknown files. Just be sure to ZIP it up or else the web host
> won't let it through. Otherwise I have disabled all checks/scan.
> Downloads directly to a secured Linux box.

That's all very nice, but alone, far from the makings of someone to 
entrust arbitrary, suspected malware samples to.

I'm also rather suspicious of your promotion of Virus Total.  Hispasec, 
as far as I can tell (Spanish being something I have to have translated 
via online services), has no antivirus or similar product of its own, 
yet it has set up, and some folk seem to be promoting, what is 
effectively a sample collection mechanism.  I've also heard vague 
rumblings that Hispasec/Virus Total does not have suitable licenses for 
at least some of the scanners used in its service (and strongly suspect 
that several of the AV vendors whose products are currently used would 
not allow their products to be licensed for use in a service of the 
kind Virus Total offers anyway because it paints a rather disturbing 
trust picture -- "You can trust me because I can run a virus 
scanner...").


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html