Security Basics
Bad Antivirus Jan 29 2013 03:30PM
sec melis gmail com (3 replies)
Re: Bad Antivirus Jan 30 2013 03:50PM
Michael Peppard (mpeppard impole com) (2 replies)
Running AV via SSH? (Was: Re: Bad Antivirus) Feb 02 2013 08:21PM
Alois Mahdal (alois mahdal 1-ndmail zxcvb cz) (1 replies)
Re: Running AV via SSH? (Was: Re: Bad Antivirus) Feb 04 2013 02:13PM
Michael Peppard (mpeppard impole com) (3 replies)
Re: Running AV via SSH? (Was: Re: Bad Antivirus) Feb 09 2013 12:41AM
Alois Mahdal (alois mahdal 1-ndmail zxcvb cz) (1 replies)
Re: Running AV via SSH? (Was: Re: Bad Antivirus) Feb 09 2013 10:07PM
Terrence O'Connor (terrence oconnor gmail com) (1 replies)
Re: Running AV via SSH? (Was: Re: Bad Antivirus) Feb 11 2013 08:08PM
Michael Peppard (mpeppard impole com) (1 replies)
Re: Running AV via SSH? (Was: Re: Bad Antivirus) Feb 13 2013 04:31PM
Tracy Reed (treed ultraviolet org) (1 replies)
Re: Running AV via SSH? (Was: Re: Bad Antivirus) Feb 14 2013 02:26PM
Michael Peppard (mpeppard impole com) (1 replies)
Re: Running AV via SSH? (Was: Re: Bad Antivirus) Feb 16 2013 11:59PM
Tracy Reed (treed ultraviolet org) (1 replies)
Re: Running AV via SSH? (Was: Re: Bad Antivirus) Feb 18 2013 08:59PM
Michael Peppard (mpeppard impole com) (1 replies)
Re: Running AV via SSH? (Was: Re: Bad Antivirus) Feb 18 2013 10:06PM
Jeffrey Walton (noloader gmail com)
Re: Running AV via SSH? (Was: Re: Bad Antivirus) Feb 04 2013 05:38PM
!s3grim (persephane gmx eu)
Re: Running AV via SSH? (Was: Re: Bad Antivirus) Feb 04 2013 02:40PM
Rob (synja synfulvisions com)
Re: Bad Antivirus Feb 01 2013 12:09PM
sec milis (sec melis gmail com)
Re: Bad Antivirus Jan 30 2013 07:27AM
Andre Silaghi (andre silaghi googlemail com)
Re: Bad Antivirus Jan 30 2013 06:08AM
iamherevivek gmail com (2 replies)
Re: Bad Antivirus Jan 30 2013 07:24AM
Adam Pal (carpathin wolf gmx net)
Re: Bad Antivirus Jan 30 2013 07:10AM
Melissa Augustine (missy augustine gmail com)
I would also ssdeep the two files and see how different they are. will help you determine if you need to do more analysis.

I would run in a sandbox to see what the malware does and fix accordingly. or do some research as sality has been out for a while. I know off the top of my head it adds itself to the registry and adds itself as a trusted program to the local FW.

if you have the exe's that would be your best bet.

Sent from my iPhone

On 30 Jan 2013, at 06:08, iamherevivek (at) gmail (dot) com [email concealed] wrote:

> Hello,
>
> You can compare the actual (safe) exe with the infected ones with something like windiff.
>
> I would recommend removing the infected exe, if u have a backup, and put the infected in a sandbox and run tests.
>
> If I was in ur situation, I would track each action performed by the infected exe by tracking network activity, processes called and so on.
>
> Please PM me, if you need any personalized guidance.
>
> Deadbrain.
> I though I would change the world, but they wouldn't give me the source code.
> So I ended up hacking it!
> Sent from BlackBerry® on Airtel
>
> -----Original Message-----
> From: sec.melis (at) gmail (dot) com [email concealed]
> Sender: listbounce (at) securityfocus (dot) com [email concealed]
> Date: Tue, 29 Jan 2013 15:30:55
> To: <security-basics (at) securityfocus (dot) com [email concealed]>
> Reply-To: drmarkabaiter (at) gmail (dot) com [email concealed]
> Subject: Bad Antivirus
>
> Dear folks,
>
> I have 3 W2K3 servers, each are running same software binary exe files. One month ago, they infected with some rootkits and viruses which later on I know from antivirus detection this malware called sality, ipz, etc.
> After installing a new antivirus and revealed the malware, some of my software seems not running as expected. At the moment, I suspect that the malware still there because the AV may not capable to clean them all. I tried using 3 or 4 most popular AV, but all were claimed the servers are clean while my software couldn't run smoothly. In fact, some of exe files has been changed in size while I am not sure whether this changed made by viruses or 'bad' AV I just installed.
> If I try to proof that my exe files has been changed by this 'bad' AV, does anyone know how to proof this things ? By reversing this exe files, is it possible to get which part of the files has changed ?
>
> Thank's
>
> Ibha ID
> Sent from my BlackBerry® smartphone from Sinyal Bagus XL, Nyambung Teruuusss...!
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups "securityfocus2" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to securityfocus2+unsubscribe (at) googlegroups (dot) com. [email concealed]
> For more options, visit https://groups.google.com/groups/opt_out.
>
>

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus