Re: [Full-Disclosure] win2kup2date.exe ?

From: Nick FitzGerald (nick_at_virus-l.demon.co.uk)
Date: 09/03/04

  • Next message: Thomas Biege: "[Full-Disclosure] SUSE Security Announcement: zlib (SUSE-SA:2004:029)" 
    To: full-disclosure@lists.netsys.com
Date: Fri, 03 Sep 2004 11:19:41 +1200

    Über GuidoZ wrote:

    > ... If you want to email me a copy of it, I'll
    > rip it apart and see what can be seen.

    And world plus dog should entrust you with such material because???

    > P.S. Send it to [...] - it's my "catch all" for
    > virus/unknown files. Just be sure to ZIP it up or else the web host
    > won't let it through. Otherwise I have disabled all checks/scan.
    > Downloads directly to a secured Linux box.

    That's all very nice, but alone, far from the makings of someone to
    entrust arbitrary, suspected malware samples to.

    I'm also rather suspicious of your promotion of Virus Total. Hispasec,
    as far as I can tell (Spanish being something I have to have translated
    via online services), has no antivirus or similar product of its own,
    yet it has set up, and some folk seem to be promoting, what is
    effectively a sample collection mechanism. I've also heard vague
    rumblings that Hispasec/Virus Total does not have suitable licenses for
    at least some of the scanners used in its service (and strongly suspect
    that several of the AV vendors whose products are currently used would
    not allow their products to be licensed for use in a service of the
    kind Virus Total offers anyway because it paints a rather disturbing
    trust picture -- "You can trust me because I can run a virus
    scanner...").

    Regards,

    Nick FitzGerald

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Thomas Biege: "[Full-Disclosure] SUSE Security Announcement: zlib (SUSE-SA:2004:029)"