A spam email contained the following link to a .exe file:
http://mercadoabc.com.br/report_7070.exe

This file undoubtedly does bad things, but out of curiosity, I downloaded
it. The first thing I found interesting was that Nod32 let me download
it at all. Once the file was downloaded, I scanned it with Nod32: no
badware detected. I then uploaded the file to virustotal.com, which
indicated that the file had been previously submitted. Instead of
letting the site rescan the file, I chose to look at the previous
report. I was struck by the results. Although a number of scanners
flagged this as a trojan, what was more interesting was the number that
didn't, including Nod32, Symantec, and Sunbelt. I wonder, if I let
VirusTotal reanalyze the file, if more scanners would detect something
bad. Not sure what, if anything, can be gleaned from this. Are the
scanners that detected it updating their definitions more frequently,
just more sensitive, or what?

   

Al Puzzuoli
Michigan State University
Information Technologist
http://www.rcpd.msu.edu
Resource Center for Persons with Disabilities
120 Bessey Hall East Lansing, MI  48824-1033
517-884-1915