Does NOD32 team has the W32.AntiWinny.kintama sample?

Looks like it's going to be nasty just wondering if they are on the ball.

From the inq:
A REPORT ON the Mainichi Daily News web site says that a virus called Kintama is picking up details of P2P chat room users' PC screens and then spreading the details worldwide.
Winny - a popular file sharing program in Japan - is being particularly hard hit by Kintama, which apparently grasps file sharers by the cojones, squeezes out bank account numbers and publishes them world wide.

Kintama is clever enough to screen capture a person's PC once a day, and then file share it amongst other users.

Which could be highly embarrassing and costly.

Ouch! This does not appear to be a late April Fool's joke

 

(W32.AntiWinny.kintama) is rapidly spreading via P2P program(Winny) in Japan and some people suffered serious damage. Many Japanese NOD32 users reported that NOD32 couldn't detect this trojan. But this is not a serious problem because this trojan propagate only by P2P program(Winny), so most average users don't need to worry about this trojan. I already sent this trojan Symantec, Ewido Security Suite and Kaspersky. If Eset team didn't have this trojan's sample, please let me know e-mail address, I would submit it.

Best Regards

 

interesting....

I'll will stand down Paul.

Cheers

 

Hi, Paul

I sent W32.AntiWinny.kintama's sample now.

Best Regards

 

Sorry, but that is completely ridiculous thinking. The trojan could spread in any other way you can think of, including surreptitious installation with other software, browser holes, Usenet downloads, email, via IM, or anything else. Prevalence matters, but you can't have vector tunnel vision.

 

Hi,nameless

I can understand your opinion, but I also have my opinion about W32.AntiWinny.kintama.

At first, Winny (a very popular file sharing program in Japan, I've heard more than millions of people use this P2P software in Japan.) More than 99.9% of Winny users use this software for illegal purposes, so other average PC users hate this software. Yes, I'm one of them.

As for the W32.AntiWinny.kintama, this trojan doesn't work correctly without Winny on their hard disk. Some programmer reverse engineered this trojan, so this is true. Many clever PC users says, the best way to protect from this trojan is "Don't use Winny(P2P software), or "Delete Winny from your hard disk".

I know some Japanese police officer and fire fighter's important documents was shared on the internet by this trojan. (I know other serious cases,too.) But no one sympathized with them because all of them were using Winny.

NOD32 began to support W32.AntiWinny.kintama in the recent updates, I do respect Eset team's efforts, but W32.AntiWinny.kintama has many variants that NOD32 still can't detect, and I know many ways how to make W32.AntiWinny.kintama(every malicious programs) undetected by NOD32. Should I submit all of them? I don't think so. No security software can protect from malicious programs perfectly if they use P2P programs. But I think average users don't need to care about this type of malicious programs.

BTW, W32.AntiWinny.kintama uses this exploit to execute itself.
http://www.securitytracker.com/alerts/2004/Jan/1008843.html
Maybe W32.AntiWinny.kintama is the first ITW malware to use this exploit, very clever.

Best Regards

 

I'm agree with nameless.
P2P networks are VERY used by thousand of people in the world and AV need to detect most P2P malware as they can and for that they need the help of the people that can/want send samples to the company.

>Should I submit all of them? I don't think so.
You need to do that!, if not you're a very egoist person. Send samples to AV are very easy and take no much time!, if you send samples you're helping to the users and to fight against hackers. While a AV can detect more malware, better!. I send a lot of samples to ESET every day. If you've undettected samples why not sent that?