Virus found on Firewall Leak Test web page

Discussion in 'malware problems & news' started by xTiNcTion, Mar 3, 2004.

Thread Status:
Not open for further replies.
  1. xTiNcTion

    xTiNcTion Registered Member

    Joined:
    Oct 25, 2003
    Posts:
    253
    Hello,

    If you go to
    http://perso.wanadoo.fr/jugesoftware/firewallleaktester/eng/leaktest13.htm

    then try to download
    Ghost.exe

    NAV said "Hactool.Sechole" virus found, and removed

    This is a trojan.

    Is this normal? o_O
     
  2. ShotgunGirl

    ShotgunGirl Guest

    It's normal if you download and install a trojan such as a leak test. If you installed a leak test, did you use it to test your firewall before NAV caught it?
    A leaktest is nothing more or less than a self-installed trojan used for testing a firewall.
     
  3. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Yes, I agree. Several leaktests are flagged by AV / AT products on purpose. Sometimes they are flagged just because people want to see that their products can detect these things and sometimes they are caught heuristically based upon what they do.

    In this case, NAV is directly flagging that tool as "Hactool.Sechole" (A "hacker tool - security hole" exploit. All that means is NAV recognizes that specific leaktest.)

    If you are going to download and test with leaktests, you should expect some of them to be flagged by your AV / AT products.
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    This is a similar thread about a different leaktest download that was flagged as malware...

    http://www.wilderssecurity.com/showthread.php?t=20825
     
  5. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hi xTinction,

    I am the author of the leaktests Ghost and Wallbreaker, and I can tell you that both, like any leaktest program, aren't spyware/trojans/viruses/worms; in fact they aren't malware at all.

    As LowWaterMark has well said, AV detects them not as viruses but as hacker tools, and hacker means above all "White Hat", not Black Hat.
    But all AVs detect most leaktests because even if their code isn't harmful, included in a trojan it could be harmful, so it's better to detect the code.

    If you wish to test leaktests, download them into an excluded folder (AV exclusion list) and then you can use them safely.

    regards,

    gkweb.
     