reporting virii


Englander

Hi dudes

wondering, where are the best places to report virii, and..

If you receive an email with an attachment of the type=wave and actually
link is to an attached .exe file, but the virus scan thinks it's clean,
should it be reported as a suspected variant?

I was wondering, what signatures do the checkers look for?

Does it (/they, i.e. the latest crop of checkers (using f-prot for
linux)) get down to as small a check as just seeing if the examined code
writes to the internet, which would make it a suspect trojan attachment?

or even just looking for common (propagation) code between virii.

do virus checkers even claim to be trojan/hacker checkers?
 
Please read the following URL.

http://www.perl.com/language/misc/virus.html

Dave



| Hi dudes
|
| wondering, where are the best places to report virii, and..
|
| If you receive an email with an attachment of the type=wave and actually
| link is to an attached .exe file, but the virus scan thinks it's clean,
| should it be reported as a suspected variant?
|
| I was wondering, what signatures do the checkers look for?
|
| Does it (/they, i.e. the latest crop of checkers (using f-prot for
| linux)) get down to as small a check as just seeing if the examined code
| writes to the internet, which would make it a suspect trojan attachment?
|
| or even just looking for common (propagation) code between virii.
|
| do virus checkers even claim to be trojan/hacker checkers?
|
 
Englander said:
| Hi dudes
|
| wondering, where are the best places to report virii, and..

Submissions:

Command Software <[email protected]>
Computer Associates (US) <[email protected]>
Computer Associates (Vet/EZ) <[email protected]>
DialogueScience (Dr. Web) <[email protected]>
Eset (NOD32) <[email protected]>
F-Secure Corp. <[email protected]>
Frisk Software (F-PROT) <[email protected]>
Grisoft (AVG) <[email protected]>
H+BEDV (AntiVir): <[email protected]>
Kaspersky Labs <[email protected]>
Network Associates (McAfee) <[email protected]>
Norman (NVC) <[email protected]>
Sophos Plc. <[email protected]>
Symantec (Norton) <[email protected]>

| If you receive an email with an attachment of the type=wave and actually
| link is to an attached .exe file, but the virus scan thinks it's clean,
| should it be reported as a suspected variant?

What you describe here is an exploit of a vulnerability. The attached
exe file would autorun on vulnerable machines. It might be *anything*
at all ~ not limited to viruses, worms, or even malware for that matter.

Yes, it should be reported.

| I was wondering, what signatures do the checkers look for?

Some actually look for and can detect this exploit. Further than
that, most can decode the attachment and scan it for known
malware.

| Does it (/they, i.e. the latest crop of checkers (using f-prot for
| linux)) get down to as small a check as just seeing if the examined code
| writes to the internet, which would make it a suspect trojan attachment?

As far as I know, they look for specific things hopefully unique
to a given malware (else they get false positives). Some legitimate
programs "write to the internet" (if I understand you correctly).

| or even just looking for common (propagation) code between virii.

Some do some level of "behavior checking", but I think it has
been found that signature-based scanning attains better overall
results. There are alternatives to signature-based scanning which
have better results at the task of detecting new (unknown) nasties.

| do virus checkers even claim to be trojan/hacker checkers?

Many have now attempted to move into this area.
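
An added illustration of the mismatch discussed in this thread, not code from any poster or scanner vendor: a mail-side check that decodes each MIME part and flags one declared as audio (or another media or text type) whose filename or leading bytes say Windows executable. The sample message, addresses, extension list and function names are constructed for the example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed (illustrative) list of extensions Windows treats as executable.
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")
# Declared types that should never carry an executable payload.
PASSIVE_TYPES = ("audio/", "image/", "video/", "text/")


def build_sample() -> bytes:
    """Constructed message: one mislabelled part, one genuine WAV header."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    # Declared audio/x-wav, but named .exe and starting with the MZ magic.
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="audio",
                       subtype="x-wav", filename="greeting.exe")
    # A real RIFF/WAVE header fragment under the same declared type.
    msg.add_attachment(b"RIFF\x24\x00\x00\x00WAVEfmt ", maintype="audio",
                       subtype="x-wav", filename="chime.wav")
    return msg.as_bytes()


def find_mismatches(raw: bytes):
    """Return (filename, declared_type, reasons) for each suspicious part."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        if not ctype.startswith(PASSIVE_TYPES):
            continue
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""  # undo base64/QP
        reasons = []
        if name.lower().endswith(EXEC_EXTS):
            reasons.append("executable extension")
        if data[:2] == b"MZ":  # DOS/PE executable magic
            reasons.append("MZ header")
        if reasons:
            findings.append((name, ctype, reasons))
    return findings


if __name__ == "__main__":
    for name, ctype, reasons in find_mismatches(build_sample()):
        print(f"{name!r} declared as {ctype}: {', '.join(reasons)}")
```

A hit from this check says nothing about what the executable does, which is why the part would still go to a signature scanner or to one of the submission addresses.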
 
I was of course meaning the genitive singular (whatever that means...),
but misspelled it...
 