MSUNAG Archives

MSUNAG Archives


View:

Next Message | Previous Message
Next in Topic | Previous in Topic
Next by Same Author | Previous by Same Author
Chronologically | Most Recent First
Proportional Font | Monospaced Font

Options:

Join or Leave MSUNAG
Reply | Post New Message
Search Archives


Subject: Disparity in Antivirus Detection Between Scanners.
From: Al Puzzuoli <[log in to unmask]>
Reply-To:Al Puzzuoli <[log in to unmask]>
Date:Thu, 18 Jun 2009 16:32:46 -0400
Content-Type:text/plain
Parts/Attachments:
Parts/Attachments

text/plain (32 lines) 


A spam email contained the following link to a .exe file:
http://mercadoabc.com.br/report_7070.exe

This file undoubtedly does bad things but out of curiosity, I downloaded
it.  The first thing I found interesting was that Nod32 let me download
it at all.  Once the file was downloaded, I scanned it with Nod32, no
badware detected.    I then uploaded the file to virustotal.com, which
indicated that the file had been previously submitted.  Instead of
letting the site rescan the file, I chose to look at the previous
report.  I was struck by the results.  Although a number of scanners
flagged this as a trojan, what was more interesting was the number that
didn't, including nod32, Symantec, and Sunbelt.  I wonder, if I let
Virustotal reanalyze the file, if more scanners would detect something
bad.  Not sure what, if anything can be gleaned from this.  Are the
scanners that detected it updating their definitions more frequently,
just more sensitive or what?

   

Al Puzzuoli                              
 
Michigan State University
 
Information Technologist                                       
http://www.rcpd.msu.edu
 
Resource Center for Persons with Disabilities
 
120 Bessey Hall East Lansing, MI  48824-1033
 
517-884-1915 
 

Back to: Top of Message | Previous Page | Main MSUNAG Page

Permalink


LIST.MSU.EDU

CataList Email List Search Powered by the LISTSERV Email List Manager