Boclean, Poker Trojan, Thunderbird

Discussion in 'other anti-trojan software' started by strangequark, Jul 29, 2006.

Thread Status:
Not open for further replies.
  1. strangequark

    strangequark Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    296
    Location:
    OZ
  2. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
  3. strangequark

    strangequark Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    296
    Location:
    OZ
    Yep, no answer yet, I'll post the answer up here if I get it via email rather than through this site.
     
  4. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    In order to adhere to our policy concerning posting contents of private e-mails....whether they be between an individual or in this case a Company representative....Please acquire the permission to post such contents. Also....if permission is granted....Please assure all personal information, including email addresses, full names, plus any side conversations are left out.

    Thanks,
    Bubba
     
  5. strangequark

    strangequark Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    296
    Location:
    OZ
    Ok, got a reply back from Kevin and an OK to post it here, talk about prompt. Anyway the relevant bits are pasted below.
    Email 1:
    .. they're somehow using a 5 year old nullsoft installer and have UPX'd it in a strange way for BOClean to recognize it as that ... am going to look through any of the other heuristics of that vintage, add the ding-ding-dings and get an update out for you as soon as possible.
    Email 2:
    Update went out a little while ago with that fixed. Nullsoft installer, UPX 1.24 (the really buggy one) and for extra measure, obfuscated code. Perfect match on the heuristic. We're still trying to find the original poker, once we do we'll combine that with what's already handled and put out another update.
     