Old 07-11-2007, 11:44 PM   #17
Leythos
Re: New .PDF malware (?)

In article <6bqyi.19468$Lu.9500@bignews8.bellsouth.net>, jen@example.com
says...
> "Leythos" <void@nowhere.lan> wrote in message
> news:MPG.2133c5ca8369375298992f@adfree.Usenet.com. ..
> > In article <hGmyi.39465$pu2.35719@bignews1.bellsouth.net>,
> > jen@example.com says...
> >> "Leythos" <void@nowhere.lan> wrote in message
> >> news:MPG.2133b08e8e32469f98992b@adfree.Usenet.com. ..
> >> > In article <Hhlyi.38215$pu2.31654@bignews1.bellsouth.net>,
> >> > jen@example.com says...
> >> >> "Virus Guy" <Virus@Guy.com> wrote in message
> >> >> news:46C8FED8.193F48A8@Guy.com...
> >> >> > Leythos wrote:
> >> >> >> Our email filtering system, GFI Mail Essentials and Security
> >> >> >> catches the malware in them, and they don't appear to be
> >> >> >> licensed with Adobe.
> >> >> > Perhaps the recent PDF malware can be detected without
> >> >> > implementing a complete PDF decoding/rendering engine.
> >> >> The recent PDF SPAM run is *not* malware. It's just *SPAM*...
> >> > Then you're just not seeing it with the tools you have. I've seen
> >> > plenty listed as Generic.Peed.Eml by several products.
> >> Don't you mean detected only by BitDefender (as generic)? Probably
> >> FP... Did you submit them to any other AV companies? Virus Total?
> >> Jotti?
> >> Recent change in Stock-Spam Tactics (PDF and excel):
> >> http://isc.sans.org/diary.html?storyid=3177

> > Nope, they were not detected as the above until last week, and most of
> > them are still just PDFs without malware. Only certain ones are malware
> > carriers - taking advantage of some new PDF exploit that I read about a
> > couple weeks ago.

>
> Could you elaborate (and provide a cite) on this "new PDF exploit" you
> read about a couple weeks ago that this so-called malware that only
> BitDefender detects (generically) takes advantage of? The last PDF
> vulnerability AFAIK was reported in January ...
> Adobe Reader/Acrobat Multiple Vulnerabilities:
> http://secunia.com/advisories/23483/...ated=1#related


Nope, just surfing and read about it, didn't bookmark it or even care
where, sorry. As for the BitDefender, I can only say that few of the
other AV solutions have alerted on the new ones, but we still see both,
so there must be some difference in the PDFs - I'm not about to let one
through to play with it.

--
Leythos - spam999free@rrohio.com (remove 999 to email me)

Learn more about PCBUTTS1 and his antics and ethic and his perversion
with Porn and Filth. Just take a look at some of the FILTH he's created
and put on his website: http://www.webservertalk.com/message1907860.html
3rd link shows what he's exposed to children (the link I've included does
not directly display his filth). You can find the same information by
googling for 'PCBUTTS1' and 'exposed to kids'.