NOD32 missed this one

First 'miss' in a visited malware link.   Link was obtained from
an e-mail that I think said I had an infected file.  E-mail was in
Spanish, only partly comprende'd some of it ;-)

hxxp://sath.hs.kr/bbs/skin/zero_vote/Symantec.exe

Virus total:

AhnLab-V3    2007.12.18.10    2007.12.17    -
AntiVir    7.6.0.45    2007.12.17    TR/Delphi.Downloader.Gen
Authentium    4.93.8    2007.12.16    Possibly a new variant of W32/NewMalware-LSU-based!Maximus
Avast    4.7.1098.0    2007.12.17    -
AVG    7.5.0.503    2007.12.17    -
BitDefender    7.2    2007.12.17    BehavesLike:Trojan.Downloader
CAT-QuickHeal    9.00    2007.12.17    Win32.Packed.NSAnti.r
ClamAV    0.91.2    2007.12.17    -
DrWeb    4.44.0.09170    2007.12.17    Trojan.DownLoader.origin
eSafe    7.0.15.0    2007.12.17    suspicious Trojan/Worm
eTrust-Vet    31.3.5382    2007.12.17    -
Ewido    4.0    2007.12.17    -
FileAdvisor    1    2007.12.17    -
Fortinet    3.14.0.0    2007.12.17    -
F-Prot    4.4.2.54    2007.12.17    W32/NewMalware-LSU-based!Maximus
F-Secure    6.70.13030.0    2007.12.17    -
Ikarus    T3.1.1.15    2007.12.17    Generic.Banker.Delf
Kaspersky    7.0.0.125    2007.12.17    Heur.Downloader
McAfee    5187    2007.12.17    New Malware.u
Microsoft    1.3109    2007.12.17    -
NOD32v2    2728    2007.12.17    -
Norman    5.80.02    2007.12.17    W32/Suspicious_N.gen
Panda    9.0.0.4    2007.12.17    Trj/Banker.IBE
Prevx1    V2    2007.12.17    -
Rising    20.23.02.00    2007.12.17    -
Sophos    4.24.0    2007.12.17    Mal/Packer
Sunbelt    2.2.907.0    2007.12.15    -
Symantec    10    2007.12.17    -
TheHacker    6.2.9.161    2007.12.17    W32/Behav-Heuristic-067
VBA32    3.12.2.5    2007.12.17    suspected of Downloader.Banload.15 (paranoid heuristics)
VirusBuster    4.3.26:9    2007.12.17    Packed/NSPack
Webwasher-Gateway    6.6.2    2007.12.17    Trojan.Delphi.Downloader.Gen

Re: NOD32 missed this one

Duh_OZ wrote:
I notice they're using NOD32 version 2.  Am I dreaming to
hope that the new version 3 would have caught it?

But seriously, why don't they move to version 3 for testing
purposes?

Louise

Re: NOD32 missed this one

==========
Just submitted it again, and just two more vendors flagged it (Sunbelt
and ClamAV).  NOD32 still missing it *ugh*

NOD32 on my computer:

NOD32 antivirus system information
Virus signature database version:    2738 (20071220)
Dated:    Thursday, December 20, 2007
Virus signature database build:    11461

Information on other scanner support parts
Advanced heuristics module version:    1068 (20071119)
Advanced heuristics module build:    1169
Internet filter version:    1.002 (20040708)
Internet filter build:    1013
Archive support module version:    1.059 (20071108)
Archive support module build version:    1197

Information about installed components
NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Base
Version:    2.70.39
NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Internet support
Version:    2.70.39
NOD32 for Windows NT/2000/XP/2003/Vista/x64 - Standard component
Version:    2.70.39

Operating system information
Platform:    Microsoft Windows 2000
Version:    5.0.2195 Service Pack 4
Version of common control components:    5.81.4968
RAM:    1024 MB
Processor:    Intel(R) Pentium(R) 4 CPU 3.00GHz (2999 MHz)

Re: NOD32 missed this one

Duh_OZ wrote:
as of 12/0412/22, EST, I have signature 2741.

BUT - my issue was that they are still using version 2 of
NOD32 when NOD has moved to version 3 and I wonder if the
same results, or lack thereof, would be obtained.

Louise

Re: NOD32 missed this one

============
I was tired of waiting for NOD to detect it so I e-mailed Eset
(samples@eset.com) the file last night.   I'll test it again on
Sunday.   BTW, the malware link seems to be broken now.

