[clamav-users] TheMask aka Careto
Steve Basford
steveb_clamav at sanesecurity.com
Mon Feb 17 21:21:02 UTC 2014
In case this is useful for system scanning for TheMask aka Careto...
---------------------------- Original Message ----------------------------
Subject: [sanesecurity] new database: malwarehash.hsb
From: "Steve Basford" <steveb_clamav at sanesecurity.com>
Date: Mon, February 17, 2014 4:00 pm
To: sanesecurity_announce at freelists.org
Cc: sanesecurity at freelists.org
--------------------------------------------------------------------------
New database: malwarehash.hsb
False Positive Risk: low
Description:
Normally hashes, such as rogue.hdb have to contain the size and md5 of a
malware sample, in order to match it.
The .hsb database allows the ClamAV engine to match, without knowing what
the size of the sample is (with a small hit on speed compared to a .hdb)
Currently contains known md5's of TheMask aka Careto
(Sanesecurity.MalwareHash.TheMask.xxx)
More info:
http://www.kaspersky.com/about/news/virus/2014/Kaspersky-Lab-Uncovers-The-Mask-One-of-the-Most-Advanced-Global-Cyber-espionage-Operations-to-Date-Due-to-the-Complexity-of-the-Toolset-Used-by-the-Attackers
Cheers,
Steve
Sanesecurity
More information about the clamav-users
mailing list