关于网购木马的黑DLL，Sophos的分析师貌似搞不定了

firefox3

Hello,

Thank you for submitting the sample files. SophosLabs have asked for more information about the DLL files you have sent, please can you tell us why you believe they are infected? are you getting virus detections for them or any other files?

Regards,

Peter Ranson
Sophos Technical Support
http://www.sophos.com/support/services/technical.html

Support knowledgebase: http://www.sophos.com/support
Follow us on Twitter @SophosSupport
SophosTalk community (discussion forums): http://community.sophos.com

SOPHOS - simply secure



-----Original Message-----
From: XXX@XXX.com
Sent: 2012-04-13 09:54 AM
To: supportsamples@Sophos.com,
Cc:
WARNING: One or more of the attachments (scan1.zip, QBHelper.zip) in this e-mail have been removed because they might exhibit potentially malicious behaviour. The original attachments have been automatically sent to SophosLabs for analysis. If the attachments are clean, you should receive them within 30 minutes of this e-mail. If you have not received the attachments within 60 minutes of this e-mail and wish to receive them, please contact LabRequests and state the following: ID: 4F87E995_21098_4778_1 Server: de-wie-mx2.brown.sophos


password : infected

360Tencent

把测试环境告诉他们，白文件奉上，国外厂商不了解我朝的风土人情。。。。。。好比你拿个盗VISA，Paypal,Mastercard 帐号和密码的病毒或者必须配合雅虎通，IRC客户端才能重现动作的木马到国内来分析一样

当然他们的病毒分析师懂不懂中文，有没有兴趣装个QQ国版版或者到淘宝网来实地买点东西什么的，就不是你能控制的了

firefox3

360Tencent 发表于 2012-4-13 23:35
把测试环境告诉他们，白文件奉上，国外厂商不了解我朝的风土人情。。。。。。好比你拿个盗VISA，Paypal,Mas ...

有道理

yaofang1989

天朝的木马有特色，老外还需努力啊

bayern

中国人绝对聪明，不过很多时候用在了不该用的地方
国外的病毒估计还是在恶意行为上，不过老外已经对QQ粘虫各种特殊命名了

maomao110

360Tencent 发表于 2012-4-13 23:35
把测试环境告诉他们，白文件奉上，国外厂商不了解我朝的风土人情。。。。。。好比你拿个盗VISA，Paypal,Mas ...

说得好

留侯

守护士的技术分析师真的是很坦诚啊！这样的病毒样本，真的是需要全部上报啊！

656635525

上报25 26过          AVG 到现在还不是一样不入库

firefox3

留侯 发表于 2012-4-14 16:01
守护士的技术分析师真的是很坦诚啊！这样的病毒样本，真的是需要全部上报啊！

每次都是连带测试的白exe一起发过去的

ADSLgg

firefox3 发表于 2012-4-14 16:29
每次都是连带测试的白exe一起发过去的

最好再加点文字说明，否则老外以为两个都有问题