Excuse the vulgar pun.
Looking up the entry for Mal/Krap-D I found in the More Information tab the following sentence: Mal/Krap-D has been encrypted with a packing algorithm commonly used by Susware authors.
Hold it! What the pandemonium is Susware? No entry in the glossary. Searching the Sophos site for "susware" turns up three entries: in addition to the one where I originally found the term, there's Sus/Krap-D and Mal/Krap-F. Same sentence (except for the item name, of course).
Side notes:
1) As all analyses (HIPS/, HPsus/ and SUS/) in the "Suspicious" category have the same contents in the Action tab, the "Sending a file to the lab?" paragraph should be amended: ... and mention this "HIPS/" detection.
2) It is maybe a sign of Sophos' cosmopolitanism to use both AE and BE spelling, as in the following glossary entry:
Suspicious behavior
Description: Suspicious behaviour comprises characteristics of running processes (i.e. post-program execution) which are deemed to be predominantly, but not exclusively, related to malware.
Christian