Sophos

7 December 2007 14:29 GMT

More worrying MD5 discoveries

After the recent news about manufactured MD5 checksum collisions, 20 minutes' worth of research was carried out to see if any new information could be gathered.

Astonishingly, it turned out that malware can give an indication of its functionality through its MD5!

For instance:

A downloading Trojan (Mal/TinyDL-H) provides possible evidence of how it is distributed!

c1fdb98ae440eeef9f72 5eeded e13dc9

A password-stealing Trojan detected as Mal/Generic-A details how it wants access!

6a3ebcd35 acce55 b454a449f41aa4b07

Mal/EncPk-BN is ready for battle!

71e2419f53b65bb741ce0408b ba771e 7

A replicant of the virus W32/Sality-AD shows its true nature!

5fd5635deb9bd16351ab8 bea57 d5c281

Troj/PSW-Gen shows extreme awareness about its construction!

c0ded 0db636accdb685dd7b30a187c88

Troj/NoGot-Gen goads security professionals into a cryptographic challenge!

cd dec0de 4de13eed222e5f99949ddbc1

Troj/Dorf-W thinks it has got everyone fooled!

337c331e75d f001ed 23804d3812cd711

It looks like Mal/Zlob-D should stay away from pizza…

d6e87191a7fc5925266e6e07d fa7a55 0

After all this bogus research, it seems time to join Mal/Packer in a coffee

aa53b436b8d89dfc49b0853156 c0ffee

Billy McCourt, SophosLabs UK
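
Why matches like these are expected by chance, as an added example that is not part of the original post: it scans the digests printed above for the highlighted hexspeak words and computes how many such matches a collection of uniformly random MD5 digests would produce. The function names and the one-million-sample corpus size are assumptions made for this example.

```python
import re

# MD5 digests exactly as printed in the post; the spaces only set off the word.
POST_DIGESTS = {
    "Mal/TinyDL-H":   "c1fdb98ae440eeef9f72 5eeded e13dc9",
    "Mal/Generic-A":  "6a3ebcd35 acce55 b454a449f41aa4b07",
    "Mal/EncPk-BN":   "71e2419f53b65bb741ce0408b ba771e 7",
    "W32/Sality-AD":  "5fd5635deb9bd16351ab8 bea57 d5c281",
    "Troj/PSW-Gen":   "c0ded 0db636accdb685dd7b30a187c88",
    "Troj/NoGot-Gen": "cd dec0de 4de13eed222e5f99949ddbc1",
    "Troj/Dorf-W":    "337c331e75d f001ed 23804d3812cd711",
    "Mal/Zlob-D":     "d6e87191a7fc5925266e6e07d fa7a55 0",
    "Mal/Packer":     "aa53b436b8d89dfc49b0853156 c0ffee",
}

# Hexspeak spellings highlighted in the post (0=o, 1=l, 5=s, 7=t).
HEXWORDS = ["5eeded", "acce55", "ba771e", "bea57", "c0ded",
            "dec0de", "f001ed", "fa7a55", "c0ffee"]

def normalise(printed):
    """Strip the highlighting spaces and check the result is a 128-bit hex digest."""
    digest = printed.replace(" ", "").lower()
    if not re.fullmatch(r"[0-9a-f]{32}", digest):
        raise ValueError(f"not an MD5 digest: {printed!r}")
    return digest

def find_hexwords(printed, words=HEXWORDS):
    """Return (offset, word) for every listed word found in the digest."""
    digest = normalise(printed)
    return [(m.start(), w) for w in words for m in re.finditer(f"(?={w})", digest)]

def expected_occurrences(word_len, digest_len=32):
    """Expected count of one fixed word in a uniformly random hex digest."""
    return (digest_len - word_len + 1) / 16 ** word_len

def expected_hits(samples, words=HEXWORDS):
    """Expected matches across `samples` random digests, by linearity of expectation."""
    return samples * sum(expected_occurrences(len(w)) for w in words)

if __name__ == "__main__":
    for name, printed in POST_DIGESTS.items():
        print(f"{name:14} {find_hexwords(printed)}")
    # The corpus size is an assumption, not a figure from the post.
    print(f"expected hits in 1,000,000 random digests: {expected_hits(1_000_000):.1f}")
```

With only these nine words, a million random digests yield about 65 matches, so a large sample collection searched against a longer word list will always turn up "meaningful" checksums.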