Wireshark mailing list archives
Re: Wireshark and TeslaCrypt
From: Graham Bloice <graham.bloice () trihedral com>
Date: Thu, 3 Mar 2016 18:10:57 +0000
On 3 March 2016 at 17:50, Rich Rauenzahn <rrauenza () gmail com> wrote:
Hi, I downloaded Wireshark a month or more ago to our Windows computer, but I think I didn't install it -- I think I had an older version already installed, and so left it as is in my Download folder. This morning Malwarebytes detected the Wireshark installer (I believe it's the installer -- I'm getting this 2nd hand from home) as containing TeslaCrypt. (I've also downloaded the latest WireShark installer here at work as well and it passes the scan.) I think the binary was removed, not quarantined, but I'll check in more detail when I get home this evening. If I can find the actual binary, I could submit it to Malwarebytes for false positive verification. I suspect it's a false positive, but it seems important enough that I ought to query here. Is it possible that Wireshark has TeslaCrypt signatures embedded in it for its own TeslaCrypt traffic detection? Rich
Likely to be another false positive, see the wiki page here for more info: https://wiki.wireshark.org/FalsePositives

Wireshark, to my knowledge, doesn't have dissectors for malware so is unlikely to have their signatures in the binaries.

-- Graham Bloice
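The check a practitioner would run on the downloaded installer before deciding it is a false positive (or before submitting it to the AV vendor), as an added PowerShell example that is not part of this thread or of the Wireshark project: verify the Authenticode signature and compare the SHA-256 against the value published with the release. The installer path, the expected signer name and the expected hash are placeholders you must fill in from the release page; their exact values are not stated on this page.

```powershell
# Added example, not from the thread or the Wireshark project.
# Assumptions (placeholders, not from the page): the installer location, the
# expected signer name from the vendor's release notes, and the SHA-256 value
# published alongside the release on wireshark.org.
param(
    [string]$InstallerPath  = "$env:USERPROFILE\Downloads\Wireshark-win64-<VERSION>.exe",
    [string]$ExpectedSigner = '<EXPECTED SIGNER NAME>',
    [string]$ExpectedSha256 = '<SHA256 FROM THE PUBLISHED RELEASE HASHES>'
)

function Test-WiresharkInstaller {
    param([string]$Path, [string]$Signer, [string]$Sha256)

    if (-not (Test-Path -LiteralPath $Path)) {
        # Rich's case: the AV product may have deleted rather than quarantined it.
        Write-Warning "File not found: $Path"
        return $false
    }

    # 1. Authenticode: a 'Valid' status with the vendor's certificate as signer
    #    means the bytes on disk are what the vendor shipped, untampered.
    $sig     = Get-AuthenticodeSignature -LiteralPath $Path
    $subject = $sig.SignerCertificate.Subject      # $null when the file is unsigned
    $sigOk   = ($sig.Status -eq 'Valid') -and ($subject -like "*$Signer*")
    Write-Host ("Signature: {0} ({1})" -f $sig.Status, $subject)

    # 2. Hash: compare with the value published for the release, which also
    #    catches a truncated or corrupted download that the signature would reject.
    $hash   = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $hashOk = ($hash -ieq $Sha256)
    Write-Host ("SHA256:    {0} (expected {1})" -f $hash, $Sha256)

    return ($sigOk -and $hashOk)
}

if (Test-WiresharkInstaller -Path $InstallerPath -Signer $ExpectedSigner -Sha256 $ExpectedSha256) {
    Write-Host 'Installer matches the vendor release; the AV hit is likely a false positive worth reporting.'
} else {
    Write-Host 'Installer does NOT verify; do not run it. Re-download from wireshark.org and check again.'
}
```

If the file verifies, submit it to the AV vendor as a false positive together with the hash; if it does not, treat the detection as real and discard the file.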