- Subject: Re: Trojan horse?
- From: Irayo <irayo.lt@...>
- Date: Mon, 24 Mar 2008 20:06:24 -0600
Shmuel Zeigerman wrote:
> Update: scanning the mentioned zip-file online with
> 21 antivirus programs (http://virusscan.jotti.org/):
> 3 programs (AVG, F-Secure Anti-Virus and Kaspersky Anti-Virus)
> found malware, other 18 programs found nothing.
> [don't know how to interpret the above results...]

Custom malware can be difficult to detect, but Kaspersky is fairly good
at it; I'd stick with earlier suggestions to ask for the source or run
virtualized. Better safe than sorry.

Ordinarily I'd also suggest auditing the code's DLL imports with a
disassembler, but that's time-consuming, more difficult, and not
foolproof at all (unless you're extremely good at assembly), not to
mention that it probably won't help for a DLL that interfaces so much
with the Windows API like this one.