|
|
Hi to all!
Trying with a friend the latest Panda Antivirus and
ClamAv we have been found that they are unable to
detect the old "I Love You" virus by simply changing
the name of one variable.
Attached goes a working "I Love You" virus in which I
changed ONLY the variable "dirsystem" with the name
"kk2" (The file attached have the extension ".txt.gz",
otherwise, with the .vbs extension the file will be
locked by all the most populars anti-viral toolkits).
If you sends it to an e-mail server that uses the
Panda True-Prevent this will not found any virus. It
will be "quarantined" if you send with the extension
".vbs", obviously, but will not detect it as a virus.
Panda Antivirus Client-Shield will not found nothing.
It's supposed that Panda TruePrevent and ClamAV should
detect the strings that found in the contents of the
file and should detect it as a virus.
I found, also, that Norton Antivirus 2005 is unable to
detect it.
You can download any old virus that you want, rename
one variable and you will have a "0 day virus".
Wow! That's fun!
NOTE: ClamAV (ClamAV 0.88.2/1439) detect's it.
Disclaimer:
~~~~~~~~~~~
The information in this advisory and any of its
demonstrations is provided "as is" without any
warranty of any kind.
I am not liable for any direct or indirect damages
caused as a result of using the information or
demonstrations provided in any part of this advisory.
---------------------------------------------------------------------------
Contact:
~~~~~~~~
Joxean Koret at joxeanpiti<<<<<<<<@>>>>>>>>yah00<<<<<