Re: Virus warning w.r.t. starkits

From: Ulrich Schöbel (usus_at_aladyn.de)
Date: 04/01/04

• Next message: Cameron Laird: "Spoiling the fun (was: Virus warning w.r.t. starkits)"
• Previous message: lvirden_at_yahoo.com: "Re: Virus warning w.r.t. starkits"
• In reply to: Michael Schlenker: "Re: Virus warning w.r.t. starkits"
• Next in thread: Cameron Laird: "Spoiling the fun (was: Virus warning w.r.t. starkits)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Date: Thu, 1 Apr 2004 18:42:35 +0200

In article <c4hc2c$2js$1@newssrv2.hrz.uni-oldenburg.de>,
        Michael Schlenker <schlenk@uni-oldenburg.de> writes:
> Ulrich Schöbel wrote:
>>
>>
>> Hi Michael,
>>
>> this is a nice solution to find known virus signatures, but it
>> can't find a tcl virus.
>>
>> It's easy to pack a malicious tcl package into a starkit.
>> Reading its source would expose its harmful nature, but
>> *who does this?*
> This isn't entirely the truth, as a starkit may contain platform
> specific binary code like .dlls or even executable payload.
> (I distribute perl scripts, javascript, java, and various windows exes
> this way).
> So if the payload gets infected with some viral code, Tcl source code
> inspection wouldn't reveal it, only AV scanning would (if it is a known
> problem). But due to the starkit the viral code could dodge detection by > standard AV software.

That's true, and I didn't doubt it.
A tcl virus is just an additional source of danger.

Best regards

Ulrich

> But the general advice to only use trusted sources is obviously a good
> one, but its just not enough, even trusted sources may be corrupted.
> Michael

-- 
For those of you who don't get this e-mail, let me know and I'll re-send it.

---

• Next message: Cameron Laird: "Spoiling the fun (was: Virus warning w.r.t. starkits)"
• Previous message: lvirden_at_yahoo.com: "Re: Virus warning w.r.t. starkits"
• In reply to: Michael Schlenker: "Re: Virus warning w.r.t. starkits"
• Next in thread: Cameron Laird: "Spoiling the fun (was: Virus warning w.r.t. starkits)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Relevant Pages RE: Virus W32/Xscan.A ... Hi Michael, ... Trend Micro House Call: ... Kaspersky Labs On-line Virus Checker: ... Windows 2000 Security Homepage: ... (microsoft.public.security.virus) Re: Virus Scanning, SMTP ... Michael wrote: ... > Is there a de facto standard for email virus scanning with Linux? ... > doesn't matter if it's a free solution or not, ... Then thanks to qmail-qfilter I block all executable attachement. ... (comp.os.linux.security) Re: Help! XP crashes whenever I right click a file on the desktop ... Dan, I looked and my Task Manager and the only thing that is using any cpu ... > Michael wrote: ... If I try to play an album in My Music ... >> I've run so many virus checks and spy ware checks but nothing was ... (microsoft.public.windowsxp.help_and_support) Re: HELP !!!! -- PC freezes during virus scan (nav,avg also online) ... Michael wrote: ... >> But now my PC freezes during virus scan. ... > I've never had too much luck with Trend Micro's online scanner, ... PestPatrol's scanner works ok, but I ... (microsoft.public.scripting.virus.discussion) Re: Intermittent Problem replying or forwarding emailk ... Here is the error message: ... Rev. Michael L. Burns ... > the (insert latest virus name here) virus, all mail sent to my personal ... (microsoft.public.outlook.general)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)