D
Dave Cohen
Looking at the avast home page, I don't see any reference to subject virus.
Does anyone know if current avast detects this.
Dave Cohen
Does anyone know if current avast detects this.
Dave Cohen
D
David H. Lipman
From: "Dave Cohen" <[email protected]>
| Looking at the avast home page, I don't see any reference to subject virus.
| Does anyone know if current avast detects this.
| Dave Cohen
|
Which version of Sober ?
Realiza that AV vendors don't use the same naming convention. However the US CERT Common
Malware Enumeration project does set a standard so is this CME-681 ?
CME-681 -- http://cme.mitre.org/data/list.html
| Looking at the avast home page, I don't see any reference to subject virus.
| Does anyone know if current avast detects this.
| Dave Cohen
|
Which version of Sober ?
Realiza that AV vendors don't use the same naming convention. However the US CERT Common
Malware Enumeration project does set a standard so is this CME-681 ?
CME-681 -- http://cme.mitre.org/data/list.html
D
Dave Cohen
I'm not that familiar with this stuff. The history is I read a warning on aDavid H. Lipman said:
news page, forget which one, did a google on the name and saw the major
players (Semantic, McAfee etc.) had it covered, but like I said, didn't see
a similar reference on the Avast home page. Sobor X is all I know it by.
Dave Cohen
J
johan jansen
Why don't you check the VPS updates history on the avast site . TheDave said:
update's for the sobor varient's were included on the 22/11 update anyway.
---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 0547-5, 26/11/2005
Tested on: 11/26/2005 08:27:46
avast! - copyright (c) 1988-2005 ALWIL Software.
http://www.avast.com
B
Beauregard T. Shagnasty
johan said:
Please consider turning off the insertion of the above advertisement in
your posts (and probably emails, too). Modern viruses use their own SMTP
engine to replicate and your scanning of outbound mail is pointless.
Besides, no a-v program can really guarantee the mail would be clean. It
is just an advertisement.
R
Ron Lopshire
Beauregard said:
I use KAV, and don't scan outgoing email/posts (as BTS noted, what's
the point), but does NOD32 still add this kind of spam to outgoing
messages? IMHO, NOD32 is too good of a product to be engaging in this
type of marketing BS. Fortunately, most NOD32 users aren't that
clueless, and leave this "feature" off.
Ron
R
Ron Lopshire
Dave said:
Dave,
Is this what your looking for? Win32:Sober-X
Win32:Sober-H
(http://www.avast.com/eng/win32soberh.html)
H was the highest I could find on the English Web Site, but I am sure
that more effort goes into keeping the databases updated. Try one of
the Avast English forums(fora):
(http://forum.avast.com/)
Email-Worm.Win32.Sober.a - other naming conventions:
(http://www.viruslist.com/fr/viruses/encyclopedia?virusid=23067)
(http://www.viruslist.com/en/viruses/encyclopedia?virusid=23067)
Sober steals your passwords
(http://www.viruslist.com/en/weblog?weblogid=174064017)
Kaspersky is up to Z:
Email-Worm.Win32.Sober.x
(http://www.viruslist.com/en/viruses/encyclopedia?virusid=99826)
Email-Worm.Win32.Sober.y
(http://www.viruslist.com/en/viruses/encyclopedia?virusid=99827)
Email-Worm.Win32.Sober.z
(http://www.viruslist.com/en/viruses/encyclopedia?virusid=99828)
Ron
I
Ian Kenefick
The EMON (Outlook plugin) module has the option to append a signature
to outgoing mail. This is disabled by default. However as this module
is purely supplemental to the IMON module (supporting email clients
protection where the protocol may not be supported) this is a non
issue now. IMON only appends a message to incoming mail and the option
to append to outgoing mail is NOT available since NOD32 IMON doesn't
scan outgoing mail.
D
Dave Cohen
I sent an email to Avast support and sober x was covered as of 11/22. JustRon Lopshire said:Dave,
Is this what your looking for? Win32:Sober-X
Win32:Sober-H
(http://www.avast.com/eng/win32soberh.html)
H was the highest I could find on the English Web Site, but I am sure that
more effort goes into keeping the databases updated. Try one of the Avast
English forums(fora):
(http://forum.avast.com/)
Email-Worm.Win32.Sober.a - other naming conventions:
(http://www.viruslist.com/fr/viruses/encyclopedia?virusid=23067)
(http://www.viruslist.com/en/viruses/encyclopedia?virusid=23067)
Sober steals your passwords
(http://www.viruslist.com/en/weblog?weblogid=174064017)
Kaspersky is up to Z:
Email-Worm.Win32.Sober.x
(http://www.viruslist.com/en/viruses/encyclopedia?virusid=99826)
Email-Worm.Win32.Sober.y
(http://www.viruslist.com/en/viruses/encyclopedia?virusid=99827)
Email-Worm.Win32.Sober.z
(http://www.viruslist.com/en/viruses/encyclopedia?virusid=99828)
Ron
doesn't show up on their website. This one apparently shows as attachment
from the FBI claiming recipient has visited questionable sites and should
complete attached form. Not sure who would fall for that one.
Dave Cohen
D
David H. Lipman
From: "Dave Cohen" <[email protected]>
| I sent an email to Avast support and sober x was covered as of 11/22. Just
| doesn't show up on their website. This one apparently shows as attachment
| from the FBI claiming recipient has visited questionable sites and should
| complete attached form. Not sure who would fall for that one.
| Dave Cohen
|
Bingo !
CME-681 -- http://cme.mitre.org/data/list.html
W32/Sober@MM!M681 -- http://vil.nai.com/vil/content/v_137072.htm
| I sent an email to Avast support and sober x was covered as of 11/22. Just
| doesn't show up on their website. This one apparently shows as attachment
| from the FBI claiming recipient has visited questionable sites and should
| complete attached form. Not sure who would fall for that one.
| Dave Cohen
|
Bingo !
CME-681 -- http://cme.mitre.org/data/list.html
W32/Sober@MM!M681 -- http://vil.nai.com/vil/content/v_137072.htm