Re: Trojan horse?

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Trojan horse?
From: Irayo <irayo.lt@...>
Date: Mon, 24 Mar 2008 20:06:24 -0600

Shmuel Zeigerman wrote:


Update: scanning the mentioned zip-file online with
21 antivirus programs (http://virusscan.jotti.org/):

3 programs (AVG, F-Secure Anti-Virus and Kaspersky Anti-Virus)
found malware, other 18 programs found nothing.

[don't know how to interpret the above results...]

Custom malware can be difficult to detect, but Kaspersky is fairly good at it; I'd stick with earlier suggestions to ask for the source or run virtualized. Better safe than sorry.

Ordinarily I'd also suggest auditing the code's DLL imports with a disassembler, but that's time-consuming, more difficult, and not foolproof at all (unless you're extremely good at assembly), not to mention that it probably won't help for a DLL that interfaces so much with the Windows API like this one.

--
Irayo

Follow-Ups:
- Re: Trojan horse?, eugeny gladkih

References:
- Trojan horse?, Shmuel Zeigerman
- Re: Trojan horse?, Shmuel Zeigerman

Prev by Date: Re: detecting undefined variables--a new mixed approach
Next by Date: Re: detecting undefined variables--a new mixed approach
Previous by thread: Re: Trojan horse?
Next by thread: Re: Trojan horse?
Index(es):
- Date
- Thread