Norton detects it under the corporate version BloodHound.Exploit.56
http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.exploit.56.html

I guess you tried the Norton customer version which isn't virus definition updated every day, companies are more at risk than poor customers I guess.

Todd Towles wrote:
> Got a new test of it this morning? I am surprised Norton doesn't have it
> yet.
>
> TrendMicro has released pattern file = 3.135.00
>
> It appears to pick up all the trojans using the WMF exploit as of right
> now. Variants could affect this however.
>
> Is this buffer overflow pretty specific like the older GIF exploit? If I
> remember correctly, there were really only two ways to make the GIF
> exploit work, so the detection was pretty solid. Is this exploit
> similar? Or does it have some trick point that could be used to fool
> known sigs?
>
> -Todd
>
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On Behalf
>> Of Thierry Zoller
>> Sent: Wednesday, December 28, 2005 5:24 PM
>> To: [email protected]
>> Subject: Re[2]: [Full-disclosure] test this
>>
>> Dear List,
>>
>> VirusTotal on 12/29/2005 at 00:16:19 (CET) :
>> AntiVir 6.33.0.70 12.28.2005 TR/Dldr.WMF.Agent.D
>> Sophos 4.01.0 12.28.2005 Troj/DownLdr-NO
>> ClamAV devel-20051108 12.29.2005 Exploit.WMF.A
>>
>> --
>> http://secdev.zoller.lu
>> Thierry Zoller
>> Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
