Mydoom.B and AV's responses:


sir_carew
January 30th, 2004, 10:19 PM
Here are the different responses of some antivirus products in detecting Mydoom variant B:
[TrendMicro] 28/01/2004 18:09:56 :: WORM_MYDOOM.B
[Kaspersky] 28/01/2004 19:13:33 :: I-Worm.Mydoom.b
[Panda] 28/01/2004 19:47:46 :: W32/Mydoom.B.worm
[NOD32] 28/01/2004 20:38:44 :: Win32/Mydoom.B
[McAfee] 28/01/2004 20:57:17 :: W32/Mydoom.b@MM
[Sophos] 28/01/2004 20:57:40 :: W32/MyDoom-B
[InoculateIT] 28/01/2004 23:05:09 :: Win32/Mydoom.B.
[Norton] 29/01/2004 00:45:41 :: W32.Mydoom.B@mm

Source: www.hispasec.com

sir_carew
January 30th, 2004, 10:25 PM
And for variant A:
TrendMicro, 26/01/2004 at 23:52:29 as WORM_MIMAIL.R
NOD32, 27/01/2004 at 00:55:43 as Win32/Mydoom.A
Antigen, 27/01/2004 at 01:39:51 as MyDoom.A@mm
Norton, 27/01/2004 at 01:50:13 as W32.Novarg.A@mm
Kaspersky, 27/01/2004 at 02:08:53 as I-Worm.Novarg
Sophos, 27/01/2004 at 02:09:19 as Win32/MyDoom-A
InoculateIT, 27/01/2004 at 02:28:42 as Win32.Shimg.Worm
Panda, 27/01/2004 at 05:39:04 as W32/Mydoom.A.worm
McAfee, 27/01/2004 at 05:57:49 as W32/Mydoom@MM

NOD in this case was earlier than others that release updates every 3 hours, like Kaspersky. Congratulations to ESET ;)

izi
January 31st, 2004, 02:37 AM
-{ Quote: "[Kaspersky] 28/01/2004 19:13:33 :: I-Worm.Mydoom.b" }-
This is not true. KAV detected this virus at 16:30 CET. KAV was the first AV to detect this virus. Look: http://www.eweek.com/article2/0,4149,1472436,00.asp and
http://www.wilderssecurity.com/showthread.php?t=20606.

-{ Quote: "Kaspersky, 27/01/2004 at 02:08:53 as I-Worm.Novarg" }-
KAV detected this file at 00:35 CET.

I have licenses for NOD32 and KAV.

izi

dvk01
January 31st, 2004, 03:43 AM
I had my first copy at 22.50 GMT on 26/1/2004.

At that time none of the online scanners found Mydoom.A.

I sent copies to Pieter & Tony at 23.05 GMT on 26th Jan because I was so worried about it.

None of these detected it online until well after midnight on that day:

http://security.symantec.com/default.asp?
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/
http://www.ravantivirus.com/scan/
http://www.anti-trojan.net/en/onlinecheck.aspx

http://www.kaspersky.com/remoteviruschk.html
http://www.dials.ru/english/www_av/

sir_carew
January 31st, 2004, 11:37 AM
These are in Spain time.

izi
January 31st, 2004, 12:14 PM
CET=Spain time

Marcos
January 31st, 2004, 03:54 PM
Here is evidence that NOD32 updated the database much earlier (the time was in Slovakia, which is GMT+1). It updates once an hour, so the real update might have been released a bit sooner.

Time***Module***Event***User
28. 1. 2004 19:51:19***Kernel***The virus signature database has been updated successfully to version 1.613 (20040128).***

sir_carew
January 31st, 2004, 05:37 PM
Thanks for the corrections, so hispasec isn't a good source of information :o