Why doesn't NOD32 even give a peep
NotaPeep
April 17th, 2005, 12:17 PM
NOD32 doesn't even give a peep while others intercept this as a citibank.trojan etc.
By others I mean Norton, F-Prot, McAfee and VET.
<snip>
removed link for safety - will supply it to staff for investigation - Detox
quexx88
April 17th, 2005, 12:26 PM
You shouldn't link to infected sites...
tobamore
April 17th, 2005, 12:57 PM
A little worrying though isn't it? :o
Fortunately my on demand Kav 4.5 detected and removed the file from my temp directory!
This is my second nod32 failure in 2 weeks, the other was the 'not a virus' (trojan/spyware - I can't remember) found in the bittorrent client installer! Again, kav 4.5 found it, this concerns me a little and somewhat undermines one's confidence!!! :( :-\
#
Toby.
PS Furthermore, Ewido didn't react either, though I even ran a scan of the offending file...
tobamore
April 17th, 2005, 01:38 PM
I should have run a tds 3 scan, but I'd already deleted the file, tds is not resident, only on demand on my system...
If nothing else, it reminds me not to place blind faith in *any* security software, but I would have thought the Ewido/nod32 beta pairing would have been pretty good - scary. :(
I wonder whether Dr Web would have detected it, on another pc here...
#
Toby.
Marcos
April 17th, 2005, 01:48 PM
Hi Tobamore,
have you sent the suspicious file to samples@eset.com for analysis? Without analysing it first, it's almost impossible to tell why it was not detected. It could have been a false positive reported by KAV (e.g. the one recently observed on nod temp files) or the file was corrupted and non-functional and as such it could not be picked up by NOD32.
Gauthreau
April 17th, 2005, 01:51 PM
{QUOTE-> If nothing else, it reminds me not to place blind faith in *any* security software, but I would have thought the Ewido/nod32 beta pairing would have been pretty good - scary. :( <-QUOTE}
That is good advice. Giving any company the big stroke in post after post of AH caught this, or AH caught that, we do need to be aware of the viruses that slip by. Especially the ones that slip by a suite of software. It gives us a sobering second look at the dark figure.
Neil
tobamore
April 17th, 2005, 01:54 PM
Hello Marcos,
No, unfortunately I just allowed Kav to delete it, so it is no more. However, if 'notapeep' is to be believed and I see no reason why not, other programs did spot it and identify it as a virus/trojan.
By the way this is a copy of the kav report for the file;
C:\Documents and Settings\<snip>\Local Settings\Temporary Internet Files\Content.IE5\LSBL1QLD\r[1].htm Infected Trojan-Spy.HTML.Citifraud.j
nameless
April 17th, 2005, 07:55 PM
Hi. Devil's advocate here. Maybe spend more time avoiding the things and places that lead you to all this malware, rather than worry about what software you run to hopefully catch it when you do. Just a thought.
Marcos
April 18th, 2005, 01:31 AM
I found this text to be contained in the htm file you mentioned. Nothing else, nothing more - it's just a phishing email whose aim is to deceive the recipient.
From: Citibank
Subject: Important Fraud Alert from Citibank
Message text:
Dear Citibank Account Holder,
On January 10th 2004 Citibank had to block accounts
in our system connected with money laundering,
credit card fraud, terrorism and check fraud
activity. The information in regards to those
accounts has been passed to our correspondent
banks, local, federal and international authorities.
Due to our extensive database operations some
accounts may have been changed. We are asking our
customers to check their checking and saving
accounts if they are active or if their current
balance is correct.
Citibank notifies all it's customers in cases of
high fraud or criminal activity and asks you to
check your account's balances. If you suspect or
have found any fraud activity on your account
please let us know by logging in at the below.
[ Click Here To Login ]
tobamore
April 18th, 2005, 03:31 AM
Thank you Marcos, maybe there is nothing to worry about after all. :)
Nameless, if you were referring to me in your post, I only tried the link to see how nod would react - nothing more.
#
Toby.
Copyright ©2002 - 2009, Wilders Security Forums