[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-disclosure] Multiple AV Vendor Incorrect CRC32 BypassVulnerability.
- To: "'bipin gautam'" <visitbipin@xxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>, <vuln@xxxxxxxxxxx>
- Subject: RE: [Full-disclosure] Multiple AV Vendor Incorrect CRC32 BypassVulnerability.
- From: "Randall M" <randallm@xxxxxxxxxxx>
- Date: Thu, 10 Mar 2005 06:06:09 -0600
>>>>>>>>>>>>>>>>>>>>>.
-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of bipin gautam
Sent: Thursday, March 10, 2005 5:00 AM
To: full-disclosure@xxxxxxxxxxxxxxxxx; vuln@xxxxxxxxxxx
Subject: Re: [Full-disclosure] Multiple AV Vendor Incorrect CRC32
BypassVulnerability.
--- Frederic Charpentier <fcharpen@xxxxxxxxxxxxxxxx>
wrote:
> Hi, I saw this behaviour last week with the virus "MyDoom.BE".
> I use the mail gateway with Clamav/Amavis. Clamav doesn't detect the
> virus embeded in the zip file (with a crc broken).
> But, Trendmicro detects it.
That's strange, though i admit... i've shared this info with very few*
trusted security researchers, since past few months..... though i it find
VERY HARD to believe some, who had access to this info since past few month
were involved in creating, "MyDoom.BE"
(O;
Bipin
>>>>>>>>>>>>>>>>>>>>>.
I'm going take a guess that they haven't "lost faith in responsible
disclosure..." as you did per your public disclosure to the lists. If
someone leaked this I'm glad for that. The last thing I need this morning is
infected machines all over the place PLUS the "I can't find my folders" to
IT helpdesk.
RandallM
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/