[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Lua x antivirus
- From: Elias Barrionovo <elias.tandel@...>
- Date: Thu, 12 Jul 2012 18:30:31 -0300
On Thu, Jul 12, 2012 at 3:02 PM, Matthieu Tourne
<matthieu.tourne@gmail.com> wrote:
> This might be related to all the press around the recent Flame, the super
> advanced malware that uses Lua :
> http://notebook.kulchenko.com/programming/flame-malware-using-lua
>
> As a result antivirus might have added Lua as a whole as a signature..
Because of the of "loadstring", Flame seems to be written in 5.1, but
the binary flagged is 5.2. Though I don't think it means much because
I would guess that 51 and 52 share a lot of code.
Anyway, shouldn't other software that embed Lua be flagged as well?
Also, is it happening only with that single binary?
--
NI!
