First off I hope that I got the name correct. Was listening to the radio today here in Perth, Western Australia and apparently theres been a new Phishing Trojan thats been released from Russia in which I think is called the A311. I'm certain the name was A311 or thereabouts. Just like to know if NOD32 detects this Trojan.
Probably one of these 2 names found up at VGrep. ALWIL [undetected] CA InoculateIT Win32/Haxdoor.103.A!Backdoor!Ser CA VET Win32/Haxdoor.B Doctor Web BackDoor.Prodex ESET Win32/Haxdoor.G Fortinet [maybe] NEW_VIRUS Frisk Software security risk named W32/Haxdoor.BW@bd GRISoft BackDoor.Haxdoor.2.AG H+BEDV BDS/Haxdoor.G.11 IKARUS [undetected] Kaspersky Lab Backdoor.Win32.Haxdoor.g McAfee BackDoor-BAC.gen Microsoft [undetected] Norman W32/Neodurk.BK Panda Bck/Haxdoor.AA SOFTWIN Backdoor.Haxdoor.G Sophos Troj/Haxdoor-R Symantec Backdoor.Haxdoor Trend Micro TSPY_A311.103 VirusBuster [undetected] ALWIL Win32:SpyBot-A311 [Trj] CA InoculateIT Win32/Rbot.WR!Worm CA VET Win32/Rbot.WR Doctor Web Win32.HLLW.MyBot.based ESET Win32/Rbot.AAF Fortinet W32/RBot.C9CE!worm Frisk Software security risk named W32/Spybot.BTD GRISoft IRC/BackDoor.SdBot.51.W H+BEDV Worm/Rbot.DQ.3 IKARUS [undetected] Kaspersky Lab Backdoor.Win32.Rbot.gen McAfee W32/Sdbot.worm.gen Microsoft Backdoor:Win32/Rbot!BF35 Norman W32/Spybot.GHH Panda W32/Gaobot.AFB.worm SOFTWIN Backdoor.RBot.97000EAF Sophos W32/Rbot-Fam Symantec W32.Spybot.Worm Trend Micro WORM_SDBOT.OK VirusBuster [undetected] Cheers
If you are referring to the "A113 Death" trojan that targeted Australian National bank customers; see link below: http://www.ausnog.net/pipermail/ausnog/2006-June/000115.html Then yes, it appears that Nod32's heuristics got this one. For the main executable and this seems to detect as (according to virustotal): AntiVir 6.35.0.13 06.14.2006 no virus found Authentium 4.93.8 06.15.2006 no virus found Avast 4.7.844.0 06.13.2006 no virus found AVG 386 06.14.2006 no virus found BitDefender 7.2 06.15.2006 no virus found CAT-QuickHeal 8.00 06.14.2006 (Suspicious) - DNAScan ClamAV devel-20060426 06.14.2006 no virus found DrWeb 4.33 06.14.2006 BackDoor.Haxdoor.294 eTrust-InoculateIT 23.72.38 06.15.2006 no virus found eTrust-Vet 12.6.2256 06.14.2006 Win32/Haxdoor!generic Ewido 3.5 06.14.2006 no virus found Fortinet 2.77.0.0 06.15.2006 suspicious F-Prot 3.16f 06.13.2006 no virus found Ikarus 0.2.65.0 06.14.2006 no virus found Kaspersky 4.0.2.24 06.15.2006 no virus found McAfee 4784 06.14.2006 no virus found Microsoft 1.1441 06.15.2006 no virus found NOD32v2 1.1599 06.14.2006 a variant of Win32/Haxdoor Norman 5.90.21 06.14.2006 no virus found Panda 9.0.0.4 06.14.2006 Suspicious file Sophos 4.06.0 06.14.2006 no virus found Symantec 8.0 06.15.2006 no virus found TheHacker 5.9.8.159 06.14.2006 no virus found UNA 1.83 06.14.2006 no virus found VBA32 3.11.0 06.14.2006 suspected of Trojan-Downloader.Agent.83 VirusBuster 4.3.7:9 06.14.2006 no virus found
Haxdoor.G is detected in 1.522 (back in 2003). Win32/Rbot.AAF is detected in 1.865 (back in 2004). Lot's of Haxdoor variants in 2006 though