New Outbreak - Advanced heuristics scores again


Marcos
April 14th, 2005, 06:48 PM
3 hours ago, we noticed a new outbreak of a mass-spammed threat picked up by advanced heuristics.

Shortly after, a new update 1.1062 was issued and the threat has been detected as Win32/TrojanDownloader.Small.ZL trojan since.

Security Freak
April 14th, 2005, 07:40 PM
I hate trojans. This Small attacked my PC two weeks ago when I had another AV and had turned it off to install a huge video editor. These trojans are always searching for a PC without protection; in one minute you can be targeted. :-[

Detox
April 14th, 2005, 07:52 PM
Ah, now I know why I got the 2nd update - I just said to myself "hmm, I got one only a few hours ago..." lol... Well, good work, and love that AH.

4now
April 14th, 2005, 10:33 PM
two infected emails arrived around 4:30 central Canada. I deleted one remotely and didn't notice the second. I was glad that Nod detected it with heuristics -- I was also surprised that OutPostPro 2.6 jumped in.

Also, the two updates arrived shortly, along with Marcos' post.

I know I made the right purchases.

Trooper
April 15th, 2005, 01:06 AM
That is awesome!!!

zfactor
April 15th, 2005, 01:30 AM
Gotta love ESET. They have been belting out the updates like crazy lately; if it continues this way we'll be near KAV in no time!!! Go NOD!

gottadoit
April 15th, 2005, 01:31 AM
Good stuff, excellent to see that things are working as intended
NOD is still a very good part of an overall security solution

The next thing that would be great to see is a partnership with Sysinternals and incorporation of RootKitRevealer into the AV engine so that the easy option for rootkits trying to hide in plain sight wouldn't be a particularly good option...

NB: I'm sure this has been fed back many times already....

Firecat
April 15th, 2005, 03:25 AM
Hehe - I guess it's very normal now that NOD gets all the malware without signatures!!!

You gotta love the heuristics engine, it's just so darn great!!!

rdsu
April 15th, 2005, 08:27 AM
Good work ESET! ;D

Robyn
April 15th, 2005, 08:55 AM
Very reassuring :) It certainly helps me to know NOD is detecting before we get anything nasty 8) Thanks for posting this, as it does help to see the live action.

nameless
April 15th, 2005, 09:05 AM
Yeah, it's obvious to me that the people at Eset have been working hard lately. I am glad I switched back to NOD32, that's for sure. (So is my CPU.)

Blackspear
April 15th, 2005, 10:28 PM
I Love Nod32 (http://www.wilderssecurity.com/showpost.php?p=432029), it just saved a work system from being infected, even though Trend Micro said the file was clean...

Cheers ;D

waters
April 16th, 2005, 02:22 AM
Is this really new?
A search for this name tells me it has been around for some time.
Am I missing something?

Firecat
April 16th, 2005, 03:09 AM
{QUOTE-> I Love Nod32 (http://www.wilderssecurity.com/showpost.php?p=432029), it just saved a work system from being infected, even though Trend Micro said the file was clean...

Cheers ;D <-QUOTE}
Trend Micro always used to say that my PC was clean; however, when I switched to eScan it immediately found a few trojans. I don't trust Trend much anymore.

NOD32 user
April 16th, 2005, 01:02 PM
{QUOTE-> Is this really new?
A search for this name tells me it has been around for some time.
Am I missing something? <-QUOTE}New or old - NOD detected it without needing a signature. Except for unplugging your PC and not turning it on, there's no better protection than that.

nameless
April 16th, 2005, 03:19 PM
{QUOTE-> I Love Nod32 (http://www.wilderssecurity.com/showpost.php?p=432029), it just saved a work system from being infected, even though Trend Micro said the file was clean... <-QUOTE}You mean you would have opened that archive and run whatever was inside otherwise?

NOD32 user
April 16th, 2005, 03:26 PM
{QUOTE-> You mean you would have opened that archive and run whatever was inside otherwise? <-QUOTE}
I do that sometimes when I'm clicking at random - doesn't everyone?

nameless
April 16th, 2005, 03:55 PM
You're joking, right? No, I never do that.

Firecat
April 16th, 2005, 05:14 PM
{QUOTE-> You're joking, right? No, I never do that. <-QUOTE}
You mean you run a Jotti's scan before opening it? ???

If my AV does not detect anything, I normally do open it.

Happy Bytes
April 16th, 2005, 05:18 PM
{QUOTE-> Trend Micro always used to say that my PC was clean, however when I switched to eScan it immediately found a few trojans. I dont trust Trend much anymore. <-QUOTE}

TM has lots of people in the virus lab - mostly so-called 'trainees'.
Almost no senior staff there. I know most of the people there. Don't ask why ;)

They add signatures until the devil escapes hell. The scan engine has stayed the same for years. Problems with complex malware such as EPO Driller viruses, Uruguay viruses (which are among the most complex viruses ever under DOS), unpacking, etc...

They are surprisingly good at detecting spyware stuff - I do not want to comment any more on this, because I'm biased.

Blackspear
April 16th, 2005, 06:56 PM
{QUOTE-> You mean you would have opened that archive and run whatever was inside otherwise? <-QUOTE}No, as stated in that post, it fooled my fiancée into opening it. She is a little wiser after the experience and is slowly learning; a newbie to computers.

Cheers ;D

Firecat
April 16th, 2005, 07:15 PM
{QUOTE-> They add signatures until the devil escapes hell <-QUOTE}

:o:o:o:o

I just absolutely love your choice of words there :)

{QUOTE-> The scan engine has stayed the same for years. Problems with complex malware such as EPO Driller viruses, Uruguay viruses (which are among the most complex viruses ever under DOS), unpacking, etc... <-QUOTE}

I'll agree there. I don't think Trend's unpack engine does anything more than unpacking UPX!!!

{QUOTE-> They are surprisingly good at detecting spyware stuff - I do not want to comment any more on this, because I'm biased. <-QUOTE}

Definitely not better than NOD32 :D

nameless
April 16th, 2005, 07:43 PM
{QUOTE-> You mean you run a Jotti's scan before opening it? ???

If my AV does not detect anything, I normally do open it. <-QUOTE}No, I wouldn't open it at all unless I was expecting it, within reason, and it appeared to be from someone I knew.

Firecat
April 16th, 2005, 08:15 PM
{QUOTE-> No, I wouldn't open it at all unless I was expecting it, within reason, and it appeared to be from someone I knew. <-QUOTE}
Yes - that's the best form of rational thinking, I agree :)

(I'm not speaking negatively)

Triple Helix
April 16th, 2005, 10:28 PM
{QUOTE-> I Love Nod32 (http://www.wilderssecurity.com/showpost.php?p=432029), it just saved a work system from being infected, even though Trend Micro said the file was clean...

Cheers ;D <-QUOTE}

Hi there, I had the same experience with my Yahoo mailbox, and they use Norton AV 2005!! If I could KISS NOD32 I would :-* LOL.

Of all the security software I use, NOD32 stopped it FIRST!!!!! ;D :P

dagolag

Mephisto
April 16th, 2005, 10:55 PM
I only receive e-mail in plain text and with no attachments allowed... Unfortunately that's one of the fun things I used to like to do (e-mailing pics and programs, etc.), but like most things out there now, security has got to be my first priority.

RejZoR
April 17th, 2005, 02:45 AM
Emails are like letters. They were meant to carry only text with additional attachments (images, programs or other stuff).
I really hate to see emails with colorful text and a bunch of twinkling smilies plus a large blinking GIF banner at the bottom. So plain text is just fine. And more secure.

Marcos
April 17th, 2005, 03:14 AM
An article about Advanced heuristics and Mytob worms:
http://www.pcmag-mideast.com/news/news.php?id=EEEFkkuZAyoDnbaeFW&PHPSESSID=1beb14f5e28ce769c56c5e7e67274aa1

NOD32 user
April 17th, 2005, 03:33 AM
{QUOTE-> An article about Advanced heuristics and Mytob worms:
http://www.pcmag-mideast.com/news/news.php?id=EEEFkkuZAyoDnbaeFW&PHPSESSID=1beb14f5e28ce769c56c5e7e67274aa1 <-QUOTE}
Good article Marcos - Thanks for posting :)

izi
April 17th, 2005, 06:02 AM
{QUOTE-> 3 hours ago, we noticed a new outbreak of a mass-spammed threat picked up by advanced heuristics.

Shortly after, a new update 1.1062 was issued and the threat has been detected as Win32/TrojanDownloader.Small.ZL trojan since. <-QUOTE}

Marcos, I can't find Win32/TrojanDownloader.Small.ZL trojan in update 1.1062. Why?

NOD32 - v.1.1062 (20050414) Virus signature database updates:Win32/Adware.Incredifind, Win32/Agent.CT, Win32/Dialer.DialHub, Win32/Dialer.DialSX, Win32/DNSChanger.I, Win32/Exploit.DComRpc.B, Win32/Kelvir.I, Win32/KillAV.NAC, Win32/PSW.Lineage.NAA, Win32/Rbot.DSP, Win32/Spyware.DCToolbar, Win32/TrojanClicker.Small.FF, Win32/TrojanDownloader.Agent.LE, Win32/TrojanDownloader.Small.AGZ, Win32/TrojanDownloader.Small.APV, Win32/TrojanDownloader.Small.NDA, Win32/TrojanDropper.Agent.GP, Win32/Wurmark.H

I found Win32/TrojanDownloader.Small.ZL in update v.1.916 (20041103).

Regards,

izi

Firecat
April 17th, 2005, 07:07 AM
The point is, it was heuristically detected without signatures. That's all I needed to know anyway!!!

Marcos
April 17th, 2005, 07:11 AM
Probably its signature was only improved to detect the new variant as well.