Winevar update?


Phil
November 28th, 2002, 09:26 PM
Has there been an update released for Winevar? Most all major AV vendors have updated for this dangerous nasty but I can't seem to find it listed anywhere on the defs page. Are we late and, if so, why?

Phil

Paul Wilders
November 28th, 2002, 09:47 PM
Hi Phil,

Covered in the latest database update: alias is "W32/Korvar.A" ;).

regards.

paul

Phil
November 28th, 2002, 10:01 PM
{QUOTE-> quoting: Forum Admin
Hi Phil,

Covered in the latest database update: alias is "W32/Korvar.A" ;).
<-QUOTE}

Kovar?? (grumble, grumble) Guess I need to hire an assistant to keep up with all the different names. ;D

Thanks for the info, Paul -- nice to know!

Phil

Paul Wilders
November 28th, 2002, 10:22 PM
Phil,

It's a bit confusing, I agree. Aliases used for this particular nastie:

"I-Worm.Winevar, WORM_WINEVAR.A, W32/Korvar, Worm/Bride.C, W32.HLLW.Winevar"

Glad to be of help ;).

regards.

paul

Randy_Bell
November 28th, 2002, 10:32 PM
Yep, everybody and his brother detects Winevar now; Norton even had a special rare Sunday liveupdate because of this worm: http://www.dslreports.com/forum/remark,5119964~root=security,1~mode=flat

Symantec: W32.HLLW.Winevar
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.winevar.html

McAfee: W32/Korvar
http://vil.mcafee.com/dispVirus.asp?virus_k=99819

Trend Micro: WORM_WINEVAR.A
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WINEVAR.A

Panda Software: W32/Winevar
http://service.pandasoftware.es/library/card.jsp?Virus=W32/Winevar

Sophos: W32/Winevar-A
http://www.sophos.com/virusinfo/analyses/w32winevara.html

DialogueScience (DrWeb): Win32.HLLM.Seoul
http://www.dials.ru/english/inf/virus.php?id=18

(although KAV detects this worm as I-Worm.Winevar, I can't find a Kaspersky reference). AVG also detects it as I-Worm/Winevar: http://www.dslreports.com/forum/remark,5123065~root=security,1~mode=flat#5123698

That's eight different vendors I know of (make that nine, if you include NOD32); I'm sure every AV that's worth its salt has detection for this one now. NOD32 was just as timely in response as all the other major AVs. ;D ;D

Randy_Bell
November 28th, 2002, 10:36 PM
{QUOTE-> quoting: Forum Admin
Phil,

It's a bit confusing, I agree. Aliases used for this particular nastie:

"I-Worm.Winevar, WORM_WINEVAR.A, W32/Korvar, Worm/Bride.C, W32.HLLW.Winevar"

Glad to be of help ;).

regards.

paul
<-QUOTE}
Heehee ... Paul, you left out the most important alias: Win32.HLLM.Seoul -- named by DrWeb, who apparently was first to detection. If I wanted to get you in trouble, I'd report your post to DialogueScience! ;D ;D

Paul Wilders
November 29th, 2002, 12:34 AM
Ran,

{QUOTE-> Heehee ... Paul, you left out the most important alias: Win32.HLLM.Seoul -- named by DrWeb, who apparently was first to detection. If I wanted to get you in trouble, I'd report your post to DialogueScience! <-QUOTE}

Grin..give Igor Daniloff my regards ;).

regards.

paul

anders
November 29th, 2002, 11:59 AM
{QUOTE-> quoting: Forum Admin
Covered in the latest database update: alias is "W32/Korvar.A" ;).
<-QUOTE}

In today's Swedish class, we'll learn the meaning of "Korvar".

"Korvar" - "Sausages"

Repeat after me.. "korvar"..

Best regards,
Anders
EuroSecure

Randy_Bell
November 29th, 2002, 09:48 PM
{QUOTE-> quoting: anders
{QUOTE-> quoting: Forum Admin
Covered in the latest database update: alias is "W32/Korvar.A" ;).
<-QUOTE}

In today's Swedish class, we'll learn the meaning of "Korvar".

"Korvar" - "Sausages"

Repeat after me.. "korvar"..

Best regards,
Anders
EuroSecure

<-QUOTE}
Hmmm ... interesting ... an internet worm named after a sausage? ;D ;D ;D