Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Kaspersky submission screwup !
- David H. Lipman
October 14, 2005, 3:11 am
rate this thread
provide to anyone who wanted it. I indicated I would take a copy and I provided
address in which it could be sent to. A few days later, on Monday Oct. 10, I
infector with the following text...
You said on that chat thingy that you wanted a copy of this. It's four files on
the virus which is LOADER.EXE. Unless you are prepaired to format your computer
on it. It does work i have tried it on a couple of computers just to make sure
and they dont
work any more. Anyway all yours."
So I uploaded it to Virus Total. Not one vendor recognized the infector.
However, I tried
McAfee VirusScan v7.1E, ENGINE v5000 Beta and DAT v4597 (?) and under Heuristic
was flagged by McAfee as "New Malware.h". I then proceeded to submit a sample
to all AV
companies. DrWeb, Panda and Kaspersky were the first to respond.
DrWeb -- Trojan Mygot
Panda -- Trj/ForSpok.A
Kaspersky -- "File is clean"
I replied back to Kaspersky under the ticket number that I was assigned and I
the analyst came to that "File is clean" conclusion when McAfee flagged it using
scanning and DrWeb and Panda found it to be a malicious Trojan.
The reply from the same Kaspersky analyst was "We already analyzed this." I
strange and I thought this was a faux conclusion and I sent a copy to Ian
examined it and he also concluded it was malicious and thought that the
was ludicrous. He then submitted a copy to Kaspersky and he got a different
researcher. This time it was concluded that it was indeed malicious and the
I later received an email message back from the virus researcher I had
earlier with the following text...
Ok, we bad analyze this.
Malicious software was found in the attached file.
It's detection was included in the next update. Thank you for your help."
Re: Kaspersky submission screwup !
Either he was a very junior virus researcher, he was half asleep or he
drank too much vodka. Russians! :)
(I know you may find this rich coming from and Irishman)
- » Norton Anti Virus - cannot switch on Intrusion Prevention - Error 183 in Module 5004
- — Previous thread in » Anti-Virus Software
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — The site's Newest Thread. Posted in » Secure Shell Forum