Search

About me

Johannes (Hanno) Böck
Plauenerweg 4
71540 Murrhardt
nick: Ctulhu
mail: hanno@hboeck.de
jabber: hanno@hboeck.de
gpg: BBB51E42

schokokeks.org

Berliner Energietisch

Atheist

Twitter/identi.ca

hanno: RT @mbeisen: publisher petition opposing expansion of public access policies http://t.co/yiiXe5UR

hanno: RT @bengoldacre: Shutting down an anti-Olympics protest account isnt about trademark. It's about big money stifling dissent http://t.co/ ...

hanno: RT @bengoldacre: Dear Journals. You are srsly not helping your case by ACTIVELY OBSTRUCTING science. Love, Science. RT @alokjha: http:/ ...

hanno: RT @gwup: gefällt das: @hanno titelt im Blog von @wirklimaretter über #6WSC12 mit "Das Treffen der guten Skeptiker": http://t.co/FH8KiBB ...

hanno: RT @Mario_Thurnes: Erfurt: Vater Sportschütze; Winnenden: Vater Sportschütze, Memmingen: Vater Sportschütze. Wir brauchen dringend Disku ...

Anzeigen

Events

23.05 - 26.05 - Linuxtag Berlin
07.06 - 10.06 - GPN (14 Days)
25.08 - 26.08 - FrOSCon (93 Days)
26.09 - 27.09 - Open-Access-Tage (125 Days)
03.11 - Brandenburger Linux-Infotag (163 Days)
My pages
Picture gallery

Archives

Categories



All categories

Feeds

Tags

Creative Commons

CC0
Unless noted otherwise, all content is CC Zero / public domain

Anti-virus applications and the Bundestrojaner

Monday, October 10. 2011, 20:05
BundestrojanerTwo days ago, the german Chaos Computer Club (CCC) published a sample that's supposedly a variant of a german state spy software (the so-called "Bundestrojaner").

You might wonder if your anti virus software is protecting you. The webpage Virus Total lets you upload suspicious files, scans them with 43 different anti virus applications and presents you the result. Currently, 24 of 43 scanners detect the Bundestrojaner.

The CCC provides some further information where they state that the file they released is not the original one - they had several samples that differed and to avoid detection of the potential source, they changed the differing parts to something completely else. You might wonder if your anti virus app also detects the "original" Bundestrojaner and not just the modified file the CCC released.

We can easily check this if we change the modified pieces again to something else. A modified variant lowered the detection rate to 14 of 43 - amongst them the popular McAffee software. Now, it's pretty useless to only detect the exact published sample of a malware if we know that the original malware is different.

ApplicationVersionSig dateModified sampleOriginal CCC sample
AhnLab-V32011.10.08.012011-Okt-09Trojan/Win32.R2d2Trojan/Win32.R2d2
AntiVir7.11.15.1752011-Okt-09TR/GruenFink.1TR/GruenFink.1
Antiy-AVL2.0.3.72011-Okt-09--
Avast6.0.1289.02011-Okt-09Win32:Trojan-genWin32:Trojan-gen
AVG10.0.0.11902011-Okt-07--
BitDefender7.22011-Okt-10Backdoor.R2D2.ABackdoor.R2D2.A
ByteHero1.0.0.12011-Sep-23--
CAT-QuickHeal11.002011-Okt-07--
ClamAV0.97.0.02011-Okt-10Trojan.BTroj-1Trojan.BTroj-1
Commtouch5.3.2.62011-Okt-10-W32/R2D2.A
Comodo104072011-Okt-10-Backdoor.Win32.R2D2.A
DrWeb5.0.2.033002011-Okt-10--
Emsisoft5.1.0.112011-Okt-10Trojan.Win32.Bundestrojaner!A2Backdoor.Win32.R2D2!IK
eSafe7.0.17.02011-Okt-06--
eTrust-Vet36.1.86052011-Okt-07--
F-Prot4.6.2.1172011-Okt-09-W32/R2D2.A
F-Secure9.0.16440.02011-Okt-10Backdoor:W32/R2D2.ABackdoor:W32/R2D2.A
Fortinet4.3.370.02011-Okt-10-W32/R2D2.A!tr.bdr
GData222011-Okt-10Backdoor.R2D2.ABackdoor.R2D2.A
IkarusT3.1.1.107.02011-Okt-10-Backdoor.Win32.R2D2
Jiangmin13.0.9002011-Okt-09--
K7AntiVirus911552582011-Okt-08--
Kaspersky9.0.0.8372011-Okt-09Backdoor.Win32.R2D2.aBackdoor.Win32.R2D2.a
McAfee5.400.0.11582011-Okt-10-Artemis!930712416770
McAfee-GW-Edition2010.1D2011-Okt-09-Artemis!930712416770
Microsoft177022011-Okt-10Backdoor:Win32/R2d2.ABackdoor:Win32/R2d2.A
NOD3265292011-Okt-10Win32/R2D2.AWin32/R2D2.A
Norman6.7.20112011-Okt-09--
nProtect2011-10-10.012011-Okt-10--
Panda10.0.3.52011-Okt-09-Suspiciousfile
PCTools8.0.0.52011-Okt-10Backdoor.R2D2Backdoor.R2D2
Prevx3.02011-Okt-10--
Rising23.78.06.022011-Okt-09--
Sophos4.70.02011-Okt-10Troj/BckR2D2-ATroj/BckR2D2-A
SUPERAntiSpyware4.40.0.10062011-Okt-08--
Symantec20111.2.0.822011-Okt-10Backdoor.R2D2Backdoor.R2D2
TheHacker6.7.0.1.3182011-Okt-09--
TrendMicro9.500.0.10082011-Okt-09--
TrendMicro-HouseCall9.500.0.10082011-Okt-10-BKDR_R2D2.A
VBA323.12.16.42011-Okt-07--
VIPRE107182011-Okt-10-Trojan.Win32.Generic!BT
ViRobot2011.10.10.47102011-Okt-10--
VirusBuster14.1.3.02011-Okt-09--

Scans done Monday morning around 8:00.
Computer culture, English, Politics, Security | Comments (0) | Trackbacks (0)
Defined tags for this entry: , , , ,

Free rar unpacking code

Saturday, October 8. 2011, 20:03
One of the few pieces of non-free software I always needed on my system is a rar unpacker. Despite that there are very good free alternatives for high-compression archivers like 7-zip or tar.xz, many people seem to like relying on a proprietary format like rar and it's in widespread use.

Years ago, someone came up with a GPLed rar unpacker, but sadly, that was never updated to support the rar version 3 format. Its development is stalled.

For that reason, some time back I suggested to the Free Software Foundation to add a free rar unpacking tool to their list of high priority projects - they did so. Happily I recently read that they've removed it. There's The Unarchiver now, based on an old amiga library. It supports a whole bunch of formats - including rar v3. It's mainly a MacOS application, but it also provides a command line tool that can be compiled in Linux.

It needs objective C, the gnustep-base libraries and it took me some time to get it to compile properly. For the Gentoo-users: I already committed an ebuild, just run "emerge TheUnarchiver".
Copyright, English, Gentoo, Linux | Comments (10) | Trackbacks (0)
Defined tags for this entry: , , , , ,
(Page 1 of 1, totaling 2 entries)