Focus on Virus
Re: Malware database Jan 17 2011 04:09PM
Jay Scalf (jayscalf comcast net) (2 replies)
This is what I am getting:

Your request for support has been received. Your service request reference
number is contained in this email. Please note that email should not be
used for urgent requests. For issues requiring immediate attention, please
contact the Information Security HelpDesk at x26122 to speak with a
representative.

Please retain this notification until such time as your request is
resolved. Inquiries about this message should include the SRQ# in the
subject so all activities and efforts will be tracked and recorded within
the ticket.

Service Request Reference Number: SRQ506868
Date Opened: 2011-01-17 08:51:39
Service Request Description:
Re: Malware database

Thank you.

CONFIDENTIALITY NOTICE
This e-mail message and any attachments are only for the use of the
intended recipient and may contain information that is privileged,
confidential or exempt from disclosure under applicable law. If you are
not the intended recipient, any disclosure, distribution or other use of
this e-mail message or attachments is prohibited. If you have received
this e-mail message in error, please delete and notify the sender
immediately. Thank you.

On 1/17/2011 9:24 AM, Martin, Kelly J. wrote:
> How do I get off this list?
>
> Sent from my iPhone
>
> On Jan 17, 2011, at 10:24 AM, "Graham Scrowther"<g.scrowther (at) kew (dot) org [email concealed]> wrote:
>
>> I didn't get anything either.
>>
>> Could you please post the message you got?
>>
>>
>>
>> -----Original Message-----
>> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Sandeep Cheema
>> Sent: 17 January 2011 14:25
>> To: Jay Scalf ; focus-virus (at) securityfocus (dot) com [email concealed]
>> Subject: Re: Malware database
>>
>> That's odd. Seriously. I thought all securityfocus mailing lists are manually filtered. Strange I didn't receive that.
>>
>> Regards, Sandeep
>> Sent from BlackBerry® on Airtel
>>
>> -----Original Message-----
>> From: Jay Scalf<jayscalf (at) comcast (dot) net [email concealed]>
>> Date: Mon, 17 Jan 2011 14:08:50
>> To:<focus-virus (at) securityfocus (dot) com [email concealed]>
>> Subject: Re: Malware database
>>
>> This is to notify all that I received a message regarding my supposed
>> request of Mastercard via this list. I do not have a Mastercard. Everyone
>> beware. If this happens again I will request to be removed from the list
>> even though everyone seems knowledgeable and I appreciate reading your
>> views.
>>
>> On 1/14/2011 3:23 PM, David H. Lipman wrote:
>>> I agree with this assertion.
>>>
>>> Malware encyclopedias are NOT what they used to be 7~10 years ago.
>>>
>>> New variants of malware are created daily and often hourly. So often that encyclopedias (libraries) just can't be
>>> kept up to date.
>>>
>>> At best we can talk about families such as MEBRoot, TDSS (TDL3, TDL4, etc), ZBot, Gromozon, FakeAV,
>>> FakeAlert, yada, yada. And in that we can have generalities about how the malware conducts itself and what
>>> changes it makes to the OS.
>>>
>>> As for ThreatExpert. It is just OK. I use it, but I find that the data collected is often incomplete. Especially in light
>>> of the AntiVM routines of much of the malware I see. ANUBIS the same and it can't handle .NET files. COMODO
>>> is limited and supplies very little information. The University of Mannheim's sandbox is very good but it is
>>> presently down and won't be back up until the third or fourth week of this month. Stefan B. has an excellent system
>>> but it is underfunded and underpowered and I am afraid if I mention his system you will all use it and it will get
>>> overloaded and it'll take days to get reports returned.
>>>
>>> We return back to the original question about 'srvpool.exe'.
>>>
>>> Google is ONLY good to tell you if it is a known process. However, any file can be named anything. It isn't
>>> enough to know the name of the file but the fully qualified name and path to the file.
>>>
>>> We know SVCHOST.EXE is a legitimate process.
>>> Not if it is loaded from %appdata%.
>>>
>>> Malware deliberately hides itself in names of legitimate files or slight variations thereof.
>>> SVCHOST.EXE is the most prevalent of names forged or use variations like SCVHOST.EXE or LSASS.EXE as
>>> Isass.exe. Here we have 'srvpool.exe' which is a take on 'spoolsv.exe' the Print Spooler Service. The problem is
>>> any file can be called anything and the libraries are just not able to keep up with all the new malware.
>>>
>>>
>>> Get me a sample of 'spoolsv.exe' and I'll get the 411 on this. :-)
>>>
>>> Dave
>>>
>>>
>>>
>>>
>>> Date forwarded: Fri, 14 Jan 2011 09:26:47 -0700 (MST)
>>> Date sent: Fri, 14 Jan 2011 11:24:33 -0500 (EST)
>>> Forwarded by: focus-virus-return-3806 (at) securityfocus (dot) com [email concealed]
>>> From: Jose Nazario<jose (at) monkey (dot) org [email concealed]>
>>> Subject: Re: Malware database
>>> To: Huffen Doback<huffen.doback (at) gmail (dot) com [email concealed]>
>>> Copies to: focus-virus (at) securityfocus (dot) com [email concealed], focus-virus-return-3803 (at) securityfocus (dot) com [email concealed]
>>>
>>>> virus names used to be unique, but not so much any more.
>>>>
>>>> prevx, for example, lets you search by filename. plenty of sites have nice
>>>> writeups of "what is file foo.exe and what does it do?" for legitimate
>>>> files. prevx mostly handles malicious files, and their writeups are vague
>>>> or misleading at best in that database.
>>>>
>>>> as for fine grained details sandbox reports are very useful.
>>>> threatexpert.com is one of the more comprehensive and searchable. if you
>>>> have a file hash (md5) that's the best way to get such details.
>>>>
>>>> virustotal.com is also a useful place to get pointers.
>>>>
>>>> i do not trust or respect most AV writeups, they're very inadequate or
>>>> just plain wrong.
>>>>
>>>> ________
>>>> jose nazario, ph.d. http://monkey.org/~jose/
>>>>
>>>>
>>>> ---------------------------------------------------------------------------
>>>> This list is sponsored by: Black Hat
>>>>
>>>> Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier
>>>> technical event for ICT security experts. Featuring 30 hands-on training
>>>> courses and 90 Briefings presentations with lots of new content and new
>>>> tools. Network with 4,000 delegates from 70 nations. Visit product
>>>> displays by 30 top sponsors in a relaxed setting.
>>>>
>>>> http://www.blackhat.com
>>>> ---------------------------------------------------------------------------
>>>>
>>>
>>>
>>> --
>>>
>>> Mr. David H. Lipman
>>> DLipman (at) Verizon (dot) Net [email concealed]
>>> Yahoo IM: david_h_lipman
>>>
>>>
>>>


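As an added example (not code posted in this thread), here is a small Python checker for the two points Dave and Jose make above: a file name alone proves nothing, so a known name is judged together with its fully qualified path, near-misses such as SCVHOST.EXE, Isass.exe and srvpool.exe are flagged as lookalikes, and anything unknown is reduced to the MD5/SHA-256 keys a sandbox or AV database is searched by. The KNOWN table, the homoglyph map and the distance thresholds are assumptions chosen for the example, not a vetted baseline.

```python
import hashlib
import ntpath

# Legitimate Windows binaries and the directory each normally runs from.
# Illustrative list constructed for this example; extend it from your own baseline.
KNOWN = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Characters that look alike in many fonts (capital I vs lower-case l, 1 vs l, 0 vs o).
HOMOGLYPHS = str.maketrans({"i": "l", "1": "l", "0": "o"})

def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (insert / delete / substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess(path: str) -> str:
    """Classify a fully qualified process path; the bare file name is never enough."""
    directory, name = ntpath.split(path.lower())
    stem = name[:-4] if name.endswith(".exe") else name
    for known, expected_dir in KNOWN.items():
        kstem = known[:-4]
        if name == known:
            return "ok" if directory == expected_dir else "known name, unexpected path"
        if stem.translate(HOMOGLYPHS) == kstem:
            return f"homoglyph lookalike of {known}"
        # Near miss (scvhost vs svchost) or the same letters re-arranged (srvpool vs spoolsv).
        scrambled = len(stem) == len(kstem) and edit_distance(
            "".join(sorted(stem)), "".join(sorted(kstem))) <= 1
        if edit_distance(stem, kstem) <= 2 or scrambled:
            return f"lookalike of {known}"
    return "unknown name: pivot on the file hash"

def hash_keys(data: bytes) -> dict:
    """MD5 and SHA-256 of the file contents, the keys sandbox and AV databases index on."""
    return {"md5": hashlib.md5(data).hexdigest(), "sha256": hashlib.sha256(data).hexdigest()}
```

Feed it paths from a process listing (name plus image path), and send only the "unknown" hits to a hash lookup; the lookalike verdicts are heuristics meant to queue a sample for review, not a final call.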
Re: Malware database Mar 01 2011 06:43AM
wt521125 (wt521125 yahoo com cn)
Re: Malware database Jan 17 2011 04:35PM
Adrian J Milanoski (amilanoski gmail com)