picking up a UK ISP dialler incorrectly

[Guest]

There is a large UK ISP called Tiscali, who have a sign-up dialler called
dialler.exe.

Its probably on every PC thats ever signed up to Tiscali with a CD.

Its picking it up as:

Hot as Hell
Type: Dialer
Threat Level: Severe

Description: Hot as Hell is a dialer program which dials toll numbers in
order to access paid adult content Web sites.

Advice: Severe-risk items have an extreme potential for adverse effect, such
as a security exploit, and should be removed.

About Dialer: A Trojan that uses the computer's modem to create unauthorized
telephone charges

can anyone tell what they have in common?

 

[Bill Sanderson]

Is this a new detection with any particular definition version?
What version of definitions are you seeing this with.

 

[Guest]

Hi Bill,

Its Microsoft AntiSpyware Version: 1.0.701

I think its the name of their dialler install program that has the same name
as the "Hot as Hell" Trojan.

Does the AntiSpyware just do a name look up?

Avi

 

[Guest]

Hi Bill,

Its Microsoft AntiSpyware Version: 1.0.701

Tiscali has a dialler called dialler.exe that places an DUN config.

Does AntiSpyware just check on the name?

Avi

 

[Bill Sanderson]

If you go to Help, about, and look at the third line in the box, it'll give
the definitions in place that are showing this detection. Should be a
number like 5781.

Threats are defined in different ways for different threats. It is not
beyond likelyhood that the file, is, in fact, identical to one used by the
named threat. Equally simplistic detections are probably still in the
product.

--