Comments on: W32/Xpaj: Know Your Polymorphic Enemy http://blogs.mcafee.com/mcafee-labs/w32xpaj-know-your-polymorphic-enemy Tue, 29 Nov 2011 07:51:20 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Will http://blogs.mcafee.com/mcafee-labs/w32xpaj-know-your-polymorphic-enemy/comment-page-1#comment-25158 Will Tue, 13 Oct 2009 05:29:58 +0000 http://www.labs.com/research/blog/?p=2480#comment-25158 Please stop obscuring anything. It diminishes the value of the information. Please stop obscuring anything. It diminishes the value of the information.

]]> By: robe http://blogs.mcafee.com/mcafee-labs/w32xpaj-know-your-polymorphic-enemy/comment-page-1#comment-25156 robe Thu, 01 Oct 2009 16:18:50 +0000 http://www.labs.com/research/blog/?p=2480#comment-25156 Nice blog! Looks like Symantec liked it so much, they copy/pasted whole thing to their site - hxxp://www.symantec.com/connect/blogs/w32xpajb-upper-crust-file-infector Nice blog! Looks like Symantec liked it so much, they copy/pasted whole thing to their site – hxxp://www.symantec.com/connect/blogs/w32xpajb-upper-crust-file-infector

]]> By: Niels http://blogs.mcafee.com/mcafee-labs/w32xpaj-know-your-polymorphic-enemy/comment-page-1#comment-25155 Niels Wed, 23 Sep 2009 17:08:19 +0000 http://www.labs.com/research/blog/?p=2480#comment-25155 No, because they took the trouble to obscure the address in three places, and forget to obscure the bytes in the hex dump. That makes the whole effort pointless. I would expect better from a security-centered company. Doesn't mean I don't appreciate the article itself. No, because they took the trouble to obscure the address in three places, and forget to obscure the bytes in the hex dump. That makes the whole effort pointless. I would expect better from a security-centered company.

Doesn’t mean I don’t appreciate the article itself.

]]> By: MT http://blogs.mcafee.com/mcafee-labs/w32xpaj-know-your-polymorphic-enemy/comment-page-1#comment-25154 MT Wed, 23 Sep 2009 03:03:45 +0000 http://www.labs.com/research/blog/?p=2480#comment-25154 McAfee does not cure, which stinks as files infected are valid programs. Above virustotal detection screenshot inaccurate about 7 vendors detecting. 9/22/2009 McAfee does not cure, which stinks as files infected are valid programs. Above virustotal detection screenshot inaccurate about 7 vendors detecting. 9/22/2009

]]> By: Vitaly http://blogs.mcafee.com/mcafee-labs/w32xpaj-know-your-polymorphic-enemy/comment-page-1#comment-25153 Vitaly Wed, 23 Sep 2009 01:38:17 +0000 http://www.labs.com/research/blog/?p=2480#comment-25153 > Great analysis! Is mcafee able to provide cure for the infected files. I understand no other AV software is curing the infected files. Thanks. Virus cleaning is always available once our customers ask for it. No exceptions for this one. > Great analysis! Is mcafee able to provide cure for the infected files. I understand no other AV software is curing the infected files.

Thanks. Virus cleaning is always available once our customers ask for it. No exceptions for this one.

]]> By: sowhat-x http://blogs.mcafee.com/mcafee-labs/w32xpaj-know-your-polymorphic-enemy/comment-page-1#comment-25152 sowhat-x Wed, 23 Sep 2009 01:07:59 +0000 http://www.labs.com/research/blog/?p=2480#comment-25152 "It looks very silly and unprofessional." And why's that?Because they shared information with other researchers/AV vendors, instead of talking foo-bar and showing off like others do? Very nice article,and hopefully there will be a part 2 of the article, if newer mutations of this threat appears in the wild... “It looks very silly and unprofessional.”
And why’s that?Because they shared information with other researchers/AV vendors,
instead of talking foo-bar and showing off like others do?

Very nice article,and hopefully there will be a part 2 of the article,
if newer mutations of this threat appears in the wild…

]]> By: robe http://blogs.mcafee.com/mcafee-labs/w32xpaj-know-your-polymorphic-enemy/comment-page-1#comment-25151 robe Tue, 22 Sep 2009 21:26:33 +0000 http://www.labs.com/research/blog/?p=2480#comment-25151 it looks ok, nice analysis it looks ok, nice analysis

]]> By: Niels http://blogs.mcafee.com/mcafee-labs/w32xpaj-know-your-polymorphic-enemy/comment-page-1#comment-25150 Niels Tue, 22 Sep 2009 15:59:34 +0000 http://www.labs.com/research/blog/?p=2480#comment-25150 Obscuring the location in the screenshots, but leaving the hex-dump visible isn't a very smart move. It looks very silly and unprofessional. Obscuring the location in the screenshots, but leaving the hex-dump visible isn’t a very smart move. It looks very silly and unprofessional.

]]> By: MR http://blogs.mcafee.com/mcafee-labs/w32xpaj-know-your-polymorphic-enemy/comment-page-1#comment-25149 MR Tue, 22 Sep 2009 14:30:03 +0000 http://www.labs.com/research/blog/?p=2480#comment-25149 Hi guys, Great analysis! Is mcafee able to provide cure for the infected files. I understand no other AV software is curing the infected files. Regards, MR. Hi guys,

Great analysis! Is mcafee able to provide cure for the infected files. I understand no other AV software is curing the infected files.

Regards,
MR.

]]>