NOD32 missed this one

  • Thread starter Thread starter Duh_OZ
  • Start date Start date
D

Duh_OZ

First 'miss' in a visited malware link. Link was from obtained from
a some e-mail that I think said I had an infected file. E-mail was in
Spanish, only partly comprende'd some of it ;-)

hxxp://sath.hs.kr/bbs/skin/zero_vote/Symantec.exe

Virus total:

AhnLab-V3 2007.12.18.10 2007.12.17 -
AntiVir 7.6.0.45 2007.12.17 TR/Delphi.Downloader.Gen
Authentium 4.93.8 2007.12.16 Possibly a new variant of W32/NewMalware-
LSU-based!Maximus
Avast 4.7.1098.0 2007.12.17 -
AVG 7.5.0.503 2007.12.17 -
BitDefender 7.2 2007.12.17 BehavesLike:Trojan.Downloader
CAT-QuickHeal 9.00 2007.12.17 Win32.Packed.NSAnti.r
ClamAV 0.91.2 2007.12.17 -
DrWeb 4.44.0.09170 2007.12.17 Trojan.DownLoader.origin
eSafe 7.0.15.0 2007.12.17 suspicious Trojan/Worm
eTrust-Vet 31.3.5382 2007.12.17 -
Ewido 4.0 2007.12.17 -
FileAdvisor 1 2007.12.17 -
Fortinet 3.14.0.0 2007.12.17 -
F-Prot 4.4.2.54 2007.12.17 W32/NewMalware-LSU-based!Maximus
F-Secure 6.70.13030.0 2007.12.17 -
Ikarus T3.1.1.15 2007.12.17 Generic.Banker.Delf
Kaspersky 7.0.0.125 2007.12.17 Heur.Downloader
McAfee 5187 2007.12.17 New Malware.u
Microsoft 1.3109 2007.12.17 -
NOD32v2 2728 2007.12.17 -
Norman 5.80.02 2007.12.17 W32/Suspicious_N.gen
Panda 9.0.0.4 2007.12.17 Trj/Banker.IBE
Prevx1 V2 2007.12.17 -
Rising 20.23.02.00 2007.12.17 -
Sophos 4.24.0 2007.12.17 Mal/Packer
Sunbelt 2.2.907.0 2007.12.15 -
Symantec 10 2007.12.17 -
TheHacker 6.2.9.161 2007.12.17 W32/Behav-Heuristic-067
VBA32 3.12.2.5 2007.12.17 suspected of Downloader.Banload.15 (paranoid
heuristics)
VirusBuster 4.3.26:9 2007.12.17 Packed/NSPack
Webwasher-Gateway 6.6.2 2007.12.17 Trojan.Delphi.Downloader.Gen
 
Duh_OZ said:
First 'miss' in a visited malware link. Link was from obtained from
a some e-mail that I think said I had an infected file. E-mail was in
Spanish, only partly comprende'd some of it ;-)

hxxp://sath.hs.kr/bbs/skin/zero_vote/Symantec.exe

Virus total:

AhnLab-V3 2007.12.18.10 2007.12.17 -
AntiVir 7.6.0.45 2007.12.17 TR/Delphi.Downloader.Gen
Authentium 4.93.8 2007.12.16 Possibly a new variant of W32/NewMalware-
LSU-based!Maximus
Avast 4.7.1098.0 2007.12.17 -
AVG 7.5.0.503 2007.12.17 -
BitDefender 7.2 2007.12.17 BehavesLike:Trojan.Downloader
CAT-QuickHeal 9.00 2007.12.17 Win32.Packed.NSAnti.r
ClamAV 0.91.2 2007.12.17 -
DrWeb 4.44.0.09170 2007.12.17 Trojan.DownLoader.origin
eSafe 7.0.15.0 2007.12.17 suspicious Trojan/Worm
eTrust-Vet 31.3.5382 2007.12.17 -
Ewido 4.0 2007.12.17 -
FileAdvisor 1 2007.12.17 -
Fortinet 3.14.0.0 2007.12.17 -
F-Prot 4.4.2.54 2007.12.17 W32/NewMalware-LSU-based!Maximus
F-Secure 6.70.13030.0 2007.12.17 -
Ikarus T3.1.1.15 2007.12.17 Generic.Banker.Delf
Kaspersky 7.0.0.125 2007.12.17 Heur.Downloader
McAfee 5187 2007.12.17 New Malware.u
Microsoft 1.3109 2007.12.17 -
NOD32v2 2728 2007.12.17 -
Norman 5.80.02 2007.12.17 W32/Suspicious_N.gen
Panda 9.0.0.4 2007.12.17 Trj/Banker.IBE
Prevx1 V2 2007.12.17 -
Rising 20.23.02.00 2007.12.17 -
Sophos 4.24.0 2007.12.17 Mal/Packer
Sunbelt 2.2.907.0 2007.12.15 -
Symantec 10 2007.12.17 -
TheHacker 6.2.9.161 2007.12.17 W32/Behav-Heuristic-067
VBA32 3.12.2.5 2007.12.17 suspected of Downloader.Banload.15 (paranoid
heuristics)
VirusBuster 4.3.26:9 2007.12.17 Packed/NSPack
Webwasher-Gateway 6.6.2 2007.12.17 Trojan.Delphi.Downloader.Gen
Click to expand...

I notice they're using NOD32 version 2. Am I dreaming to
hope that the new version 3 would have caught it?

But seriously, why don't they move to version 3 for testing
purposes?

Louise
 
I notice they're using NOD32 version 2. Am I dreaming to
hope that the new version 3 would have caught it?

But seriously, why don't they move to version 3 for testing
purposes?

Louise
Click to expand...

==========
Just submitted it again, and just two more vendors flagged it (Sunbelt
and ClamAV). NOD32 still missing it *ugh*

NOD32 on my computer:

NOD32 antivirus system information
Virus signature database version: 2738 (20071220)
Dated: Thursday, December 20, 2007
Virus signature database build: 11461

Information on other scanner support parts
Advanced heuristics module version: 1068 (20071119)
Advanced heuristics module build: 1169
Internet filter version: 1.002 (20040708)
Internet filter build: 1013
Archive support module version: 1.059 (20071108)
Archive support module build version: 1197

Information about installed components
NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Base
Version: 2.70.39
NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Internet support
Version: 2.70.39
NOD32 for Windows NT/2000/XP/2003/Vista/x64 - Standard component
Version: 2.70.39

Operating system information
Platform: Microsoft Windows 2000
Version: 5.0.2195 Service Pack 4
Version of common control components: 5.81.4968
RAM: 1024 MB
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz (2999 MHz)
 
Duh_OZ said:
==========
Just submitted it again, and just two more vendors flagged it (Sunbelt
and ClamAV). NOD32 still missing it *ugh*

NOD32 on my computer:

NOD32 antivirus system information
Virus signature database version: 2738 (20071220)
Dated: Thursday, December 20, 2007
Virus signature database build: 11461

Information on other scanner support parts
Advanced heuristics module version: 1068 (20071119)
Advanced heuristics module build: 1169
Internet filter version: 1.002 (20040708)
Internet filter build: 1013
Archive support module version: 1.059 (20071108)
Archive support module build version: 1197

Information about installed components
NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Base
Version: 2.70.39
NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Internet support
Version: 2.70.39
NOD32 for Windows NT/2000/XP/2003/Vista/x64 - Standard component
Version: 2.70.39

Operating system information
Platform: Microsoft Windows 2000
Version: 5.0.2195 Service Pack 4
Version of common control components: 5.81.4968
RAM: 1024 MB
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz (2999 MHz)
Click to expand...

as of 12/0412/22, EST, I have signature 2741.

BUT - my issue was that they are still using version 2 of
NOD32 when NOD has moved to version 3 and I wonder if the
same results, or lack thereof, would be obtained.

Louise
 
BUT - my issue was that they are still using version 2 of
NOD32 when NOD has moved to version 3 and I wonder if the
same results, or lack thereof, would be obtained.

Louise
Click to expand...
============
I was tired of waiting for NOD to detect it so I e-mailed Eset
([email protected]) the file last night. I'll test it again on
Sunday. BTW, the malware link seems to be broken now.
 
Back
Top