Full Disclosure mailing list archives

Re: Re: Virus loading through ActiveX-Exploit


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 08 Sep 2004 13:21:53 +1200

Feher Tamas wrote:

> ... server.exe file is TrojanSpy.Win32.Small.AZ (AVP)

Perhaps at the time or shortly before you posted this close to 12 
hours after the OP wrote his message, but when he wrote AVP/KAV did not 
detect it at all.  In fact, it was the only one of what I consider the 
"major" scanners to not detect the .EXE when, almost exactly two hours 
after the OP wrote his message, I had the file scanned by 20-odd 
scanners that (mostly) run up-to-the-minute (well, hour) 
research/beta/pre-release DEF/DAT/etc files...

Oh, and as for the name -- the unique names reported in that multi-
scanner test were:

   TR/Small.AZ.1
   W32/Chty.A@bd
   Uploader-S
   TrojanSpy.Win32.Small.AZ
   Backdoor.Trojan           [this one is a heuristic detection]
   Troj/Bizex-E
   Win32.Reign.Z

There was one more generic/heuristic detection but I'm not sure I can 
publicly discuss it, and as it has a rather distinctive reporting style 
for this type of thing, I've removed that entry from the list...


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

