Ethereal: Re: [Ethereal-users] Backdoor program?

Ethereal-users: May 2005

Subject: Re: [Ethereal-users] Backdoor program?
From: Gerald Combs <gerald@xxxxxxxxxxxx>
Date: Tue, 03 May 2005 10:39:37 -0500

Martin Gordon wrote:
> Frisk flags the ethereal download as infected - is this true, please?

...and Carl Wallace wrote:
> Hello,
>
> I was wondering if you've had the same experience as I... on a 'clean'
> build of Windows XP Pro (SP2) I installed FPROT for evaluation, and to
> my surprise it identified (and automatically REMOVED?!) the Ethereal
> uninstall file as the w32/haxdoor.ap@bd
> <mailto:w32/haxdoor.ap@bd> threat and furthermore, it removed my
> ethereal installer (.10.10)! I tried searching Google for
> w32/haxdoor.ap@bd <mailto:w32/haxdoor.ap@bd> and got nothing, which
> seems a bit sketchy, to me. This software seems to be identifying your
> installation as a threat, which I'd guess is a false positive, because
> Ethereal is one of the premieire protocol analyzers out there, yes?

This is probably a false positive.  It's unlikely that a virus or trojan
made it through our development process _and_ has gone unnoticed since
March 11.  I opened a trouble ticket with F-Secure, but haven't received
a response yet.

Follow-Ups:
- RE: [Ethereal-users] Backdoor program?
  - From: Carl Wallace

References:
- [Ethereal-users] Backdoor program?
  - From: Martin Gordon

Prev by Date: [Ethereal-users] Backdoor program?
Next by Date: RE: [Ethereal-users] Backdoor program?
Previous by thread: [Ethereal-users] Backdoor program?
Next by thread: RE: [Ethereal-users] Backdoor program?
Index(es):
- Date
- Thread