Is it really a virus?

Hi,

I have recently purchased a site license for NOD32 but have not deployed it fully yet.

On our Proxy/ISA and mail server we are still running Etrust AV + ETRUST gateway AV. [By the way it is fully up to date]

I got an alert from NOD32 running on one of our terminal servers indicating a user had just been sent the phishing virus.

The thing that interests me is that the virus[?} got through the firewall antivirus with packet inspection. It then got through the gateway AV and also the etrust Exchange AV.

Is this really a virus?

Program Virus Alert EMON - Microsoft Outlook email monitor triggered on Termserv1: computerfrom: support_num_7 at lasallebank.com to: Office with subject LaSalle Bank: Account Update dated 06/23/2005 13:32 infected with HTML/Phishing.gen trojan.

 

IMO - consider it a trojan because it is used to capture user information by stealth/deception. Normally Phishing.gen are not automatic in the collection of this information, normally they require user input.

 

Interesting, I wonder why E-trust fails to pick it up. Even more interesting how it gets through the firewall.

I guess this is the reason I am uninstalling CA and installing NOD32.

 

Computer Associates probably considers it spam or spyware, so their PestPatrol or Secure Content Manager programs would be the ones in charge of picking that up.

 

another reason the combined approach of AV/AT/AS in NOD32 is better for end users... it also costs less than the multi-tool approach...

 

HTML Phising trojans are pure HTML emails without a malicious code (so far) whose aim is to deceive the recipient and elicit confidential information from him by pretending to be sent from a bank or another authority.