Also refer to: Careto: Covering unavailable samples http://blog.clamav.net/2014/02/careto-covering-unavailable-samples.html
- Alain

On Mon, Feb 17, 2014 at 4:21 PM, Steve Basford <steveb_cla...@sanesecurity.com> wrote:

> In case this is useful for system scanning for TheMask aka Careto...
>
> ---------------------------- Original Message ----------------------------
> Subject: [sanesecurity] new database: malwarehash.hsb
> From: "Steve Basford" <steveb_cla...@sanesecurity.com>
> Date: Mon, February 17, 2014 4:00 pm
> To: sanesecurity_annou...@freelists.org
> Cc: sanesecur...@freelists.org
> --------------------------------------------------------------------------
>
> New database: malwarehash.hsb
> False Positive Risk: low
>
> Description:
>
> Normally hashes, such as rogue.hdb have to contain the size and md5 of a
> malware sample, in order to match it.
>
> The .hsb database allows the ClamAV engine to match, without knowing what
> the size of the sample is (with a small hit on speed compared to a .hdb)
>
> Currently contains known md5's of TheMask aka Careto
> (Sanesecurity.MalwareHash.TheMask.xxx)
>
> More info:
>
> http://www.kaspersky.com/about/news/virus/2014/Kaspersky-Lab-Uncovers-The-Mask-One-of-the-Most-Advanced-Global-Cyber-espionage-Operations-to-Date-Due-to-the-Complexity-of-the-Toolset-Used-by-the-Attackers
>
> Cheers,
>
> Steve
> Sanesecurity
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
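
Added example (not part of the original messages, and not ClamAV or Sanesecurity code): a simplified Python model of the difference the announcement describes between size-bound .hdb entries and size-wildcard .hsb entries. The sample bytes and signature names are constructed, and the size-first lookup is an assumed model of where the extra hashing cost comes from, not ClamAV's actual matcher.

```python
import hashlib
# Line format: HashString:FileSize:MalwareName[:MinFL]; FileSize "*" = any size (.hsb)
ALGOS = {32: "md5", 40: "sha1", 64: "sha256"}  # hex digest length -> algorithm

def parse_sig(line):
    """Return (digest, size or None, name) for one signature line."""
    fields = line.strip().split(":")
    if len(fields) < 3 or len(fields[0]) not in ALGOS:
        raise ValueError("not a hash signature: %r" % line)
    size = None if fields[1] == "*" else int(fields[1])
    return fields[0].lower(), size, fields[2]

class HashDB:
    def __init__(self, lines):
        self.sized, self.unsized = {}, {}  # (size, digest) -> name / digest -> name
        self.sized_algos, self.unsized_algos = {}, set()
        for line in filter(str.strip, lines):
            digest, size, name = parse_sig(line)
            algo = ALGOS[len(digest)]
            if size is None:
                self.unsized[digest] = name
                self.unsized_algos.add(algo)
            else:
                self.sized[(size, digest)] = name
                self.sized_algos.setdefault(size, set()).add(algo)

    def scan(self, data):
        """Return (matching name or None, number of digests computed)."""
        cache = {}
        def digest(algo):
            if algo not in cache:
                cache[algo] = hashlib.new(algo, data).hexdigest()
            return cache[algo]
        # Size-bound entries: hash only if some signature has this exact size.
        for algo in sorted(self.sized_algos.get(len(data), ())):
            name = self.sized.get((len(data), digest(algo)))
            if name:
                return name, len(cache)
        # Wildcard entries: every scanned object has to be hashed.
        for algo in sorted(self.unsized_algos):
            name = self.unsized.get(digest(algo))
            if name:
                return name, len(cache)
        return None, len(cache)

# Constructed inputs: the bytes and the signature names are made up for this example.
SAMPLE = b"constructed stand-in bytes, not a real sample"
MD5 = hashlib.md5(SAMPLE).hexdigest()
HDB = HashDB(["%s:%d:Example.Constructed.Sized" % (MD5, len(SAMPLE))])
HSB = HashDB(["%s:*:Example.Constructed.AnySize:73" % MD5])
```

In this model a non-matching file costs no digest against the size-bound database and one digest against the wildcard database, which is the trade-off the announcement mentions.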