Trend Micro just released a Controlled Pattern File Release (CPR) Pattern Update - 3.1.34.04
http://www.trendmicro.com/vinfo/ The current auto-update sig = 3.1.33.00 -Todd > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of Valdis Shkesters > Sent: Wednesday, December 28, 2005 1:46 PM > To: Peter Bruderer; [email protected] > Subject: Re: [Full-disclosure] test this > > This is a report processed by VirusTotal on 12/28/2005 at > 20:38:41 (CET) after scanning the file "xpladv548.wmf.gz" file. > > AntiVir - no virus found > Avast - Win32:Exdown > AVG - no virus found > Avira - no virus found > BitDefender - Exploit.Win32.WMF-PFV > CAT-QuickHeal - no virus found > ClamAV - no virus found > DrWeb - no virus found > eTrust-Iris - no virus found > eTrust-Vet - no virus found > Ewido - no virus found > Fortinet - W32/WMF-exploit > F-Prot - no virus found > Ikarus - no virus found > Kaspersky - Trojan-Downloader.Win32.Agent.acd McAfee - Exploit-WMF > NOD32v2 - Win32/TrojanDownloader.Wmfex > Norman - no virus found > Panda - Exploit/Metafile > Sophos - no virus found > Symantec - no virus found > TheHacker - no virus found > UNA - no virus found > VBA32 - no virus found > > http://www.virustotal.com > > ----- Original Message ----- > From: "Peter Bruderer" <[EMAIL PROTECTED]> > To: "D B" <[EMAIL PROTECTED]> > Cc: <[email protected]> > Sent: Wednesday, December 28, 2005 7:17 PM > Subject: Re: [Full-disclosure] test this > > > > Hi there > > > > Using a previous unknown hole in windows, an exploit was discovered > > which infects a PC with spyware and trojans. The PC is > infected using a > > manipulated picture in the WMF format. > > > > Only Symantec found a trojan downloader. Another AV > scanners found the > > downloaded code, but did not recognize the actual downloader. > > > > (http://www.heise.de/security/news/meldung/67794 for the german > > speeking) > > > > More info: > > http://www.f-secure.com/weblog/archives/archive-122005.html#00000752 > > http://isc.sans.org/diary.php?storyid=972 > > > > My scanners (McAfee, Kaspersky, Clam) did not find anything. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
