My organization recently picked up the Wireshark University disc set through a trusted retailer.
I loaded disk 4 and scanned it with Symantec. The tftp.pcap file is infected with W32.spybot.ATEW.
Is this a threat?
Or is my A/V software detecting the signature of the spybot in the PCAP file and it's not a threat?
Disk 2 is also infected with W32.spybot.ATEW.
asked 16 Sep '10, 05:35
Hello - we created the original DVD set and, assuming you have that original set, the DVDs are not infected with W32spybot - the trace file you refer to contains signatures of the communications to and from a bot-infected host. It is a .pcap file (trace file) and not an executable so loading it in Wireshark does not pose a risk.
Interesting that the majority of spyware detection tools do not have a problem while some scream bloody murder. Some even tag Wireshark as a "hacktool virus."
If you have any other thoughts/concerns, please post again.
answered 16 Sep '10, 08:07
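The point made in the answer above, that a trace file holds the bytes of bot traffic as data rather than as a runnable program, can be checked with the following added example (not part of the original posts, and not code from Wireshark or any antivirus product). It runs on a constructed in-memory capture with a made-up marker string; all function names are hypothetical.

```python
import struct

# Classic pcap magic numbers mapped to the struct byte-order prefix they imply.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",  # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",  # nanosecond timestamps
}

def classify(data):
    """Return 'pcap', 'pe-executable' or 'unknown' from the leading magic bytes."""
    if data[:4] in PCAP_MAGICS:
        return "pcap"
    if data[:2] == b"MZ":  # DOS/PE header of a Windows executable
        return "pe-executable"
    return "unknown"

def walk_pcap(data):
    """Yield each packet's captured bytes; raise ValueError if the file is malformed."""
    order = PCAP_MAGICS.get(data[:4])
    if order is None or len(data) < 24:
        raise ValueError("not a pcap file")
    offset = 24  # skip the 24-byte global header
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError("truncated record header")
        _sec, _frac, incl_len, _orig = struct.unpack_from(order + "IIII", data, offset)
        offset += 16
        if offset + incl_len > len(data):
            raise ValueError("truncated packet data")
        yield data[offset:offset + incl_len]
        offset += incl_len

def signature_hits(data, signature):
    """Indexes of the packets whose captured bytes contain the signature."""
    return [i for i, pkt in enumerate(walk_pcap(data)) if signature in pkt]

def build_sample():
    """Constructed capture: two packets, the second carrying a made-up marker."""
    sig = b"CONSTRUCTED-BOT-MARKER"  # placeholder, not a real malware signature
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    packets = [b"\x00" * 14 + b"benign payload", b"\x00" * 14 + b"xx" + sig + b"yy"]
    body = b"".join(struct.pack("<IIII", 0, 0, len(p), len(p)) + p for p in packets)
    return header + body, sig

if __name__ == "__main__":
    capture, marker = build_sample()
    print(classify(capture), marker in capture, signature_hits(capture, marker))
```

A scanner that matches byte patterns anywhere in a file sees the marker in the raw capture, while the structural walk shows it sits inside one recorded packet of a well-formed pcap.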
Better safe than sorry.
answered 16 Sep '10, 12:22