In case this is useful for system scanning for TheMask aka Careto... ---------------------------- Original Message ---------------------------- Subject: [sanesecurity] new database: malwarehash.hsb From: "Steve Basford" <steveb_cla...@sanesecurity.com> Date: Mon, February 17, 2014 4:00 pm To: sanesecurity_annou...@freelists.org Cc: sanesecur...@freelists.org --------------------------------------------------------------------------
New database: malwarehash.hsb False Positive Risk: low Description: Normally hashes, such as rogue.hdb have to contain the size and md5 of a malware sample, in order to match it. The .hsb database allows the ClamAV engine to match, without knowing what the size of the sample is (with a small hit on speed compared to a .hdb) Currently contains known md5's of TheMask aka Careto (Sanesecurity.MalwareHash.TheMask.xxx) More info: http://www.kaspersky.com/about/news/virus/2014/Kaspersky-Lab-Uncovers-The-Mask-One-of-the-Most-Advanced-Global-Cyber-espionage-Operations-to-Date-Due-to-the-Complexity-of-the-Toolset-Used-by-the-Attackers Cheers, Steve Sanesecurity _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
