SuperTaz Posted July 27, 2010
I just downloaded the new 5.32 patch for gamers IRC and then Norton says it is a bad file. I ran a scan through virustotal.com and was amazed. Take a look: http://www.virustotal.com/analisis/e1fbffbfe323546f08904ca3a486b01cc85700c685165753b576fc22f956f9ff-1280236266
Kolor Posted July 27, 2010
Only 2 of those detections are actually FPs. The others are simply reporting potentially unwanted programs (PUP). Why? Because some network/IT admins would not appreciate IRC clients being used inside their corp networks, and also some malware uses mIRC as a propagation method/backdoor. If you scan any version of mIRC itself (or Xchat etc) you will see similar results: http://www.virustotal.com/analisis/57a008b2303d598cd7ce40d66f64da5b4b18f4e30d073e1ff14b19bea1a73ad3-1280256838
BOTA:X Posted July 28, 2010
"and also some malware uses mIRC as a propagation method/backdoor."
Bingo, bot nets. They probably have some lame scan that looks for the host name of an IRC server, and many of the IRC clients come with some pre-configured servers.
Kolor Posted July 28, 2010
More likely, as this is a PUP, they are using a hash-based system; others will base detection on what is found at the EP. Obviously there are other factors to consider when creating detections. Very few scanners, however, will use string-based detection these days. They are too easily circumvented, with a high likelihood of FP detections.
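The trade-off discussed in the last two posts (a scan for an IRC server host name versus a hash-based detection), as an added example that is not part of any post. The sample byte strings, the host name `irc.example.net` and the function names are constructed for illustration and do not come from any real scanner or file.

```python
import hashlib

# Constructed placeholder host name; not taken from the thread or any real client.
IRC_HOST = b"irc.example.net"

# Constructed stand-ins for files. These are short byte strings, not real binaries.
SAMPLES = {
    # Legitimate IRC client shipping a pre-configured server list.
    "benign_client": b"MZ..client-installer..servers=" + IRC_HOST + b":6667",
    # The exact file an analyst has already classified as a PUP.
    "known_pup": b"MZ..pup-build-1.." + IRC_HOST,
    # Same program rebuilt so the host name is stored as UTF-16 text.
    "rebuilt_pup": b"MZ..pup-build-1.." + IRC_HOST.decode().encode("utf-16-le"),
}

# String signature: flag anything containing the host name as ASCII bytes.
STRING_SIGNATURES = [IRC_HOST]

# Hash signature: flag only files whose SHA-256 is on the list.
HASH_SIGNATURES = {hashlib.sha256(SAMPLES["known_pup"]).hexdigest()}


def string_scan(data: bytes) -> bool:
    """True if any string signature occurs anywhere in the file."""
    return any(sig in data for sig in STRING_SIGNATURES)


def hash_scan(data: bytes) -> bool:
    """True only if the whole file matches a listed SHA-256 digest."""
    return hashlib.sha256(data).hexdigest() in HASH_SIGNATURES


def compare(samples: dict) -> dict:
    """Map each sample name to (string_hit, hash_hit)."""
    return {name: (string_scan(d), hash_scan(d)) for name, d in samples.items()}


if __name__ == "__main__":
    for name, (s_hit, h_hit) in compare(SAMPLES).items():
        print(f"{name:14} string={s_hit!s:5} hash={h_hit}")
```

The string signature flags the legitimate client (a false positive) and misses the rebuilt file, while the hash signature matches only the one file that was actually classified.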