Focus on Virus
Re: Malware database Jan 17 2011 04:09PM
Jay Scalf (jayscalf comcast net) (2 replies)
Re: Malware database Mar 01 2011 06:43AM
wt521125 (wt521125 yahoo com cn)
Take a look at www.virustotal.com; you can search hashes, names, etc.

-
A

On Mon, Jan 17, 2011 at 11:09 AM, Jay Scalf <jayscalf (at) comcast (dot) net [email concealed]> wrote:
> This is what I am getting:
>
> Your request for support has been received. Your service request reference
> number is contained in this email. Please note that email should not be
> used for urgent requests. For issues requiring immediate attention, please
> contact the Information Security HelpDesk at x26122 to speak with a
> representative.
>
> Please retain this notification until such time as your request is
> resolved.  Inquiries about this message should include the SRQ# in the
> subject so all activities and efforts will be tracked and recorded within
> the ticket.
>
> Service Request Reference Number: SRQ506868
> Date Opened: 2011-01-17 08:51:39
> Service Request Description:
> Re: Malware database
>
> Thank you.
>
>
>
> CONFIDENTIALITY NOTICE
> This e-mail message and any attachments are only for the use of the intended
> recipient and may contain information that is privileged, confidential or
> exempt from disclosure under applicable law. If you are not the intended
> recipient, any disclosure, distribution or other use of this e-mail message
> or attachments is prohibited. If you have received this e-mail message in
> error, please delete and notify the sender immediately. Thank you.
>
>
> On 1/17/2011 9:24 AM, Martin, Kelly J. wrote:
>>
>> How do I get off this list?
>>
>> Sent from my iPhone
>>
>> On Jan 17, 2011, at 10:24 AM, "Graham Scrowther"<g.scrowther (at) kew (dot) org [email concealed]>
>>  wrote:
>>
>>> I didn't get anything either.
>>>
>>> Could you please post the message you got?
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
>>> On Behalf Of Sandeep Cheema
>>> Sent: 17 January 2011 14:25
>>> To: Jay Scalf ; focus-virus (at) securityfocus (dot) com [email concealed]
>>> Subject: Re: Malware database
>>>
>>> That's odd. Seriously. I thought all securityfocus mailing lists are
>>> manually filtered. Strange I didn't receive that.
>>>
>>> Regards, Sandeep
>>> Sent from BlackBerry® on Airtel
>>>
>>> -----Original Message-----
>>> From: Jay Scalf<jayscalf (at) comcast (dot) net [email concealed]>
>>> Date: Mon, 17 Jan 2011 14:08:50
>>> To:<focus-virus (at) securityfocus (dot) com [email concealed]>
>>> Subject: Re: Malware database
>>>
>>> This is to notify all that I received a message regarding my supposed
>>> request of Mastercard via this list. I do not have a Mastercard. Everyone
>>> beware. If this happens again I will request to be removed from the list
>>> even though everyone seems knowledgeable and I appreciate reading your
>>> views.
>>>
>>> On 1/14/2011 3:23 PM, David H. Lipman wrote:
>>>>
>>>> I agree with this assertion.
>>>>
>>>> Malware encyclopedias are NOT what they used to be 7~10 years ago.
>>>>
>>>> New variants of malware are created daily and often hourly.  So often
>>>> that encyclopedias (libraries) just can't be
>>>> kept up to date.
>>>>
>>>> At best we can talk about families such as MEBRoot, TDSS (TDL3, TDL4,
>>>> etc), ZBot, Gromozon, FakeAV,
>>>> FakeAlert, yada, yada.  And in that we can have generalities about how
>>>> the malware conducts itself and what
>>>> changes it makes to the OS.
>>>>
>>>> As for ThreatExpert.  It is just OK.  I use it but, I find that data
>>>> collected is often incomplete.  Especially in light
>>>> of the AntiVM routines of much of the malware I see.  ANUBIS the same
>>>> and it can't handle .NET files.  COMODO
>>>> is limited and supplies very little information.  The University of
>>>> Mannheim's sandbox is very good but it is
>>>> presently down and won't be back up until the third or 4th week of this
>>>> month.  Stefan B. has an excellent system
>>>> but it is underfunded and underpowered and I am afraid if I mention his
>>>> system you will all use it and it will get
>>>> overloaded and it'll take days to get reports returned.
>>>>
>>>> We return back to the original question about 'srvpool.exe'.
>>>>
>>>> Google is ONLY good to tell you if it is a known process.  However, any
>>>> file can be named anything.  It isn't
>>>> enough to know the name of the file but the fully qualified name and
>>>> path to the file.
>>>>
>>>> We know SVCHOST.EXE is a legitimate process.
>>>> Not if it is loaded from %appdata%.
>>>>
>>>> Malware deliberately hides itself in names of legitimate files or slight
>>>> variation thereof.
>>>> SVCHOST.EXE is the most prevalent of names forged or use variations like
>>>> SCVHOST.EXE or LSASS.EXE as
>>>> Isass.exe.  Here we have 'srvpool.exe' which is a take on 'spoolsv.exe'
>>>> the Print Spooler Service.  The problem is
>>>> any file can be called anything and the libraries are just not able to
>>>> keep up with all the new malware.
>>>>
>>>>
>>>> Get me a sample of 'spoolsv.exe' and I'll get the 411 on this.  :-)
>>>>
>>>> Dave
>>>>
>>>>
>>>>
>>>>
>>>> Date forwarded:        Fri, 14 Jan 2011 09:26:47 -0700 (MST)
>>>> Date sent:             Fri, 14 Jan 2011 11:24:33 -0500 (EST)
>>>> Forwarded by:          focus-virus-return-3806 (at) securityfocus (dot) com [email concealed]
>>>> From:                  Jose Nazario<jose (at) monkey (dot) org [email concealed]>
>>>> Subject:               Re: Malware database
>>>> To:                    Huffen Doback<huffen.doback (at) gmail (dot) com [email concealed]>
>>>> Copies to:             focus-virus (at) securityfocus (dot) com [email concealed],
>>>>  focus-virus-return-3803 (at) securityfocus (dot) com [email concealed]
>>>>
>>>>> virus names used to be unique, but not so much any more.
>>>>>
>>>>> prevx, for example, lets you search by filename. plenty of sites have
>>>>> nice
>>>>> writeups of "what is file foo.exe and what does it do?" for legitimate
>>>>> files. prevx mostly handles malicious files, and their writeups are
>>>>> vague
>>>>> or misleading at best in that database.
>>>>>
>>>>> as for fine grained details sandbox reports are very useful.
>>>>> threatexpert.com is one of the more comprehensive and searchable. if
>>>>> you
>>>>> have a file hash (md5) that's the best way to get such details.
>>>>>
>>>>> virustotal.com is also a useful place to get pointers.
>>>>>
>>>>> i do not trust or respect most AV writeups, they're very inadequate or
>>>>> just plain wrong.
>>>>>
>>>>> ________
>>>>> jose nazario, ph.d.              http://monkey.org/~jose/
>>>>>
>>>>>
>>>>>
>>>>>
------------------------------------------------------------------------
---
>>>>> This list is sponsored by: Black Hat
>>>>>
>>>>> Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's
>>>>> premier
>>>>> technical event for ICT security experts. Featuring 30 hands-on
>>>>> training
>>>>> courses and 90 Briefings presentations with lots of new content and
new
>>>>> tools.  Network with 4,000 delegates from 70 nations.  Visit product
>>>>> displays by 30 top sponsors in a relaxed setting.
>>>>>
>>>>> http://www.blackhat.com
>>>>>
>>>>>
------------------------------------------------------------------------
---
>>>>>
>>>>
>>>>
>>>> --
>>>>
>>>>                                   Mr. David H. Lipman
>>>>                                   DLipman (at) Verizon (dot) Net [email concealed]
>>>>                                Yahoo IM:  david_h_lipman
>>>>
>>>>
>>>>
>>>>
>>>>

[ reply ]
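
The check David H. Lipman describes in the quoted message above (a process name means little without its fully qualified path, and forged names are near-misses of real ones), written out as an added example that is not part of the original thread. The directory table, the one-edit threshold and the sample paths are assumptions made for illustration.

```python
import ntpath

# Assumed default-install directories for three Windows system binaries.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "spoolsv.exe": {r"c:\windows\system32"},
}

def skeleton(name):
    """Fold characters that read alike (I/l/1, O/0) into one form."""
    return name.lower().translate(str.maketrans("i1o", "ll0"))

def osa_distance(a, b):
    """Edit distance in which swapping two adjacent characters costs 1."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(image_path):
    """Judge a process by its full image path, not by its name alone."""
    directory, name = ntpath.split(image_path.lower())
    if name in EXPECTED_DIRS:
        return "ok" if directory in EXPECTED_DIRS[name] else "wrong-path"
    for known in EXPECTED_DIRS:
        if skeleton(name) == skeleton(known) or osa_distance(name, known) <= 1:
            return "lookalike:" + known
    return "unlisted"  # a name list cannot decide; needs hash lookup or a sample

# Constructed process listing (not taken from the thread's systems).
SAMPLE = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Users\alice\AppData\Roaming\svchost.exe",
    r"C:\Windows\System32\SCVHOST.EXE",
    r"C:\Windows\System32\Isass.exe",
    r"C:\Windows\System32\srvpool.exe",
]

if __name__ == "__main__":
    for path in SAMPLE:
        print(f"{classify(path):24} {path}")
```

`srvpool.exe` lands in `unlisted` because it is not within one edit of `spoolsv.exe`, so a name list only narrows down what still needs a hash lookup or sample analysis.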
Re: Malware database Jan 17 2011 04:35PM
Adrian J Milanoski (amilanoski gmail com)


 

Copyright 2010, SecurityFocus