Virus Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
en-us
Mon, 28 May 2012 08:02:28 GMT

ClamSAP Libraries 0.9.7.4
http://packetstormsecurity.org/files/112298/clamsap-0.9.7.4.tar.gz
http://packetstormsecurity.org/files/112298/ClamSAP-Libraries-0.9.7.4.html
Fri, 27 Apr 2012 20:46:20 GMT
ClamSAP consists of two C shared libraries that link between ClamAV and the Virus Scan Interface (VSI) of SAP (official name: NW-VSI). A SAP application can use the ClamAV engine to scan for malicious uploads in HTTP uploads, for example.

HP Security Bulletin HPSBPV02754 SSRT100803
http://packetstormsecurity.org/files/111785/HPSBPV02754-SSRT100803.txt
http://packetstormsecurity.org/files/111785/HP-Security-Bulletin-HPSBPV02754-SSRT100803.html
Thu, 12 Apr 2012 03:19:35 GMT
HP Security Bulletin HPSBPV02754 SSRT100803 - A potential security vulnerability has been identified with certain HP ProCurve 5400 zl switches containing compact flash cards which may be infected with a virus. Reuse of an infected compact flash card in a personal computer could result in a compromise of that system's integrity. Revision 1 of this advisory.

Clam Antivirus Toolkit 0.97.4
http://packetstormsecurity.org/files/110873/clamav-0.97.4.tar.gz
http://packetstormsecurity.org/files/110873/Clam-Antivirus-Toolkit-0.97.4.html
Fri, 16 Mar 2012 08:08:53 GMT
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Barracuda Spam/Virus WAF 600 Cross Site Scripting
http://packetstormsecurity.org/files/108886/VL-28.txt
http://packetstormsecurity.org/files/108886/Barracuda-Spam-Virus-WAF-600-Cross-Site-Scripting.html
Sat, 21 Jan 2012 05:22:43 GMT
Barracuda Spam/Virus WAF 600 suffers from a cross site scripting vulnerability.

Malware Reverse Engineering Part 1 - Static Analysis
http://packetstormsecurity.org/files/108812/malware-reverse-part-1.pdf
http://packetstormsecurity.org/files/108812/Malware-Reverse-Engineering-Part-1-Static-Analysis.html
Wed, 18 Jan 2012 23:54:47 GMT
This malware report is part 1 of 2. This report is an effort to track, categorize, contain, understand root cause and infection vector of said user account/s, networked equipment or computer/s. This report pertains to all incidents reported by TIER II help desk, TIER III engineers, customer complaints or random IT Security audit/finding/pen test.

Kaspersky Internet Security / Anti-Virus 2011 / 2012 Memory Corruption
http://packetstormsecurity.org/files/108043/VL-129.txt
http://packetstormsecurity.org/files/108043/Kaspersky-Internet-Security-Anti-Virus-2011-2012-Memory-Corruption.html
Tue, 20 Dec 2011 20:34:35 GMT
Kaspersky Internet Security 2011/2012 and Kaspersky Anti-Virus 2011/2012 suffer from a local memory corruption vulnerability.

Anti-Virus Evasion Techniques
http://packetstormsecurity.org/files/107770/avevasion-techniques.pdf
http://packetstormsecurity.org/files/107770/Anti-Virus-Evasion-Techniques.html
Sun, 11 Dec 2011 23:28:59 GMT
Whitepaper called Anti-Virus Evasion Techniques. Some of the techniques discussed are binding and splitting, converting exe to executable client side scripts, and performing code obfuscation/morphing.

SAP NetWeaver Virus Scan Cross Site Scripting
http://packetstormsecurity.org/files/107088/DSECRG-11-036.txt
http://packetstormsecurity.org/files/107088/SAP-NetWeaver-Virus-Scan-Cross-Site-Scripting.html
Thu, 17 Nov 2011 23:09:37 GMT
The SAP NetWeaver Virus Scan interface suffers from multiple cross site scripting vulnerabilities.

Clam AntiVirus Toolkit 0.97.3
http://packetstormsecurity.org/files/105919/clamav-0.97.3.tar.gz
http://packetstormsecurity.org/files/105919/Clam-AntiVirus-Toolkit-0.97.3.html
Mon, 17 Oct 2011 21:16:30 GMT
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet.
The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Anti-Virus Cloudfare Cross Site Scripting
http://packetstormsecurity.org/files/105892/avcloudflare-xss.txt
http://packetstormsecurity.org/files/105892/Anti-Virus-Cloudfare-Cross-Site-Scripting.html
Mon, 17 Oct 2011 14:34:17 GMT
The service at anti-virus.cloudflare.com suffers from a cross site scripting vulnerability.

Qmail Scanner 2.10
http://packetstormsecurity.org/files/105590/qmail-scanner-2.10.tgz
http://packetstormsecurity.org/files/105590/Qmail-Scanner-2.10.html
Thu, 06 Oct 2011 19:16:03 GMT
Qmail-Scanner (previously known as scan4virus) is an addon that enables a Qmail Email server to scan all gatewayed Email for certain characteristics. It is typically used for its anti-virus protection functions, in which case it is used in conjunction with commercial virus scanners, but also enables a site to react to Email (at a server/site level) that contains specific strings in particular headers, or particular attachment filenames or types.

Embedding The Payload
http://packetstormsecurity.org/files/105452/Embedding_the_payload.zip
http://packetstormsecurity.org/files/105452/Embedding-The-Payload.html
Thu, 29 Sep 2011 23:44:33 GMT
Whitepaper called "Embedding the Payload" or "How to avoid AV-Detection". The main goal of this paper focuses on how to undermine system integrity by circumventing anti-virus detection.

F-Secure Multiple Products SEH Overwrite
http://packetstormsecurity.org/files/104383/fsecure-overflow.txt
http://packetstormsecurity.org/files/104383/F-Secure-Multiple-Products-SEH-Overwrite.html
Wed, 24 Aug 2011 02:58:05 GMT
F-Secure Anti-Virus 2010 / 2011 and Internet Security 2010 / 2011 active-x SEH overwrite exploit.

Sophail: A Critical Analysis Of Sophos Antivirus
http://packetstormsecurity.org/files/103727/Sophail.pdf
http://packetstormsecurity.org/files/103727/Sophail-A-Critical-Analysis-Of-Sophos-Antivirus.html
Thu, 04 Aug 2011 23:04:28 GMT
This paper describes the results of a thorough examination of Sophos Antivirus internals. The author presents a technical analysis of claims made by the vendor, and publishes the tools and reference material required to reproduce their results. Furthermore, they examine the product from the perspective of a vulnerability researcher, exploring the rich attack surface exposed, and demonstrating weaknesses and vulnerabilities.

Clam Antivirus Toolkit 0.97.2
http://packetstormsecurity.org/files/103415/clamav-0.97.2.tar.gz
http://packetstormsecurity.org/files/103415/Clam-Antivirus-Toolkit-0.97.2.html
Tue, 26 Jul 2011 04:49:13 GMT
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Fake Malware And Virus Scanners
http://packetstormsecurity.org/files/102811/fake_malware_and_virus_scanners.pdf
http://packetstormsecurity.org/files/102811/Fake-Malware-And-Virus-Scanners.html
Tue, 05 Jul 2011 14:50:06 GMT
Whitepaper called Fake Malware and Virus Scanners. Rogue security software reports a virus infection, even if your computer is clean. This kind of "software" could also fail to report viruses when your computer is infected. This document shows the mechanisms used to obfuscate this process.

Client-Side Threats - Anatomy Of Reverse Trojan Attacks
http://packetstormsecurity.org/files/102809/client_side_threats_anatomy_of_reverse_trojan_attacks.pdf
http://packetstormsecurity.org/files/102809/Client-Side-Threats-Anatomy-Of-Reverse-Trojan-Attacks.html
Tue, 05 Jul 2011 14:44:34 GMT
Whitepaper called Client-Side Threats - Anatomy of Reverse Trojan Attacks. Client-side vulnerabilities are among the biggest threats facing users. Attackers are going after weaknesses in desktop applications such as browsers, media players, common office applications and e-mail clients to install malicious software, often Trojan horses and rootkits. This document explains these threats in detail and how to prevent them.

Clam AntiVirus Toolkit 0.97.1
http://packetstormsecurity.org/files/102135/clamav-0.97.1.tar.gz
http://packetstormsecurity.org/files/102135/Clam-AntiVirus-Toolkit-0.97.1.html
Thu, 09 Jun 2011 16:48:05 GMT
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet.
The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Bypassing Anti-Virus Scanners
http://packetstormsecurity.org/files/99853/bypassing-av.pdf
http://packetstormsecurity.org/files/99853/Bypassing-Anti-Virus-Scanners.html
Tue, 29 Mar 2011 21:32:28 GMT
Whitepaper called Bypassing Anti-Virus Scanners.

ClamSAP Libraries 0.9.7
http://packetstormsecurity.org/files/99635/clamsap-0.9.7.tar.gz
http://packetstormsecurity.org/files/99635/ClamSAP-Libraries-0.9.7.html
Wed, 23 Mar 2011 05:46:42 GMT
ClamSAP consists of two C shared libraries that link between ClamAV and the Virus Scan Interface (VSI) of SAP (official name: NW-VSI). A SAP application can use the ClamAV engine to scan for malicious uploads in HTTP uploads, for example.

Clam AntiVirus Toolkit 0.97
http://packetstormsecurity.org/files/98253/clamav-0.97.tar.gz
http://packetstormsecurity.org/files/98253/Clam-AntiVirus-Toolkit-0.97.html
Tue, 08 Feb 2011 05:00:09 GMT
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Clam AntiVirus Toolkit 0.97rc
http://packetstormsecurity.org/files/98014/clamav-0.97rc.tar.gz
http://packetstormsecurity.org/files/98014/Clam-AntiVirus-Toolkit-0.97rc.html
Tue, 01 Feb 2011 00:27:58 GMT
Clam AntiVirus is an anti-virus toolkit for Unix.
The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Remote Binary Planting In Multiple F-Secure Products
http://packetstormsecurity.org/files/97454/ASPR-2011-01-11-1-PUB.txt
http://packetstormsecurity.org/files/97454/Remote-Binary-Planting-In-Multiple-F-Secure-Products.html
Tue, 11 Jan 2011 17:22:11 GMT
ACROS Security Problem Report #2011-01-11-1 - A binary planting vulnerability in F-Secure Internet Security 2010 and 2011, F-Secure Anti-Virus 2010 and 2011 and multiple other F-Secure products allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.

ESTsoft ALYac Anti-Virus 1.5 Privilege Escalation
http://packetstormsecurity.org/files/96771/estsoft-escalate.txt
http://packetstormsecurity.org/files/96771/ESTsoft-ALYac-Anti-Virus-1.5-Privilege-Escalation.html
Fri, 17 Dec 2010 19:54:43 GMT
ESTsoft ALYac Anti-Virus 1.5 versions 5.0.1.2 and below local kernel mode privilege escalation exploit.

NProtect Anti-Virus 2007 Privilege Escalation
http://packetstormsecurity.org/files/96769/nprotect-escalate.txt
http://packetstormsecurity.org/files/96769/NProtect-Anti-Virus-2007-Privilege-Escalation.html
Fri, 17 Dec 2010 19:52:01 GMT
NProtect Anti-Virus 2007 versions 2010.5.11.1 and below local kernel mode privilege escalation exploit.