Re: Trojan Detected by Kaspersky in One Debian DVD
On Wed, Oct 31, 2012 at 08:17:52PM -0400, Alan Feuerbacher wrote:
> A couple of weeks ago I downloaded to my Windows 7 machine 10 DVD
> iso files for debian-6.0.6-amd64. I have not yet installed Debian to
> this machine.
>
> Last night Kaspersky anti-virus detected a Trojan in one of the files:
>
> debian-6.0.6-amd64-DVD-7.iso\pool\main\n\nepenthes\nepenthes_0.2.2-6_amd64.deb\data.tar\.\usr\share\doc\nepenthes\README.VFS
>
> The Trojan is called Trojan-Downloader.BAT.ftp.z
>
> Is this a real Trojan? If so, why would it be there? If not, what is it?
This is a false positive: There is no trojan in the file README.VFS, but what's
interesting is that the package concerned (nepenthes, as John helpfully provided
a packaging link to) is a security tool related to trojans:
"versatile tool to collect malware by emulating widespread vulnerabilities"
Reply to: