Winevar update?

Has there been an update released for Winevar? Most all major AV vendors have updated for this dangerous nasty but I can't seem to find it listed anywhere on the defs page. Are we late and. if so, why?

Phil

 

Kovar?? (grumble, grumble) Guess I need to hire an assistant to keep up with all the different names.

Thanks for the info, Paul -- nice to know!

Phil

 

Yep, everybody and his brother detects Winevar now; Norton even had a special rare Sunday liveupdate because of this worm: http://www.dslreports.com/forum/remark,5119964~root=security,1~mode=flat

Symantec: W32.HLLW.Winevar
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.winevar.html

McAfee: W32/Korvar
http://vil.mcafee.com/dispVirus.asp?virus_k=99819

Trend Micro: WORM_WINEVAR.A
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WINEVAR.A

Panda Software: W32/Winevar
http://service.pandasoftware.es/library/card.jsp?Virus=W32/Winevar

Sophos: W32/Winevar-A
http://www.sophos.com/virusinfo/analyses/w32winevara.html

DialogueScience (DrWeb): Win32.HLLM.Seoul
http://www.dials.ru/english/inf/virus.php?id=18

(although KAV detects this worm as I-Worm.Winevar, I can't find a Kaspersky reference). AVG also detects it as I-Worm/Winevar: http://www.dslreports.com/forum/remark,5123065~root=security,1~mode=flat#5123698

That's eight different vendors I know of(make that nine, if you include NOD32); I'm sure every AV that's worth its salt has detection for this one now. NOD32 was just as timely in response as all the other major AVs.

 

Heehee ... Paul, you left out the most important alias: Win32.HLLM.Seoul -- named by DrWeb, who apparently was first to detection. If I wanted to get you in trouble, I'd report your post to DialogueScience!

 

In todays Swedish class, we'll learn the meaning of "Korvar".

"Korvar" - "Sausages"

Repeat after me.. "korvar"..

Best regards,
Anders
EuroSecure

 

Hmmm ... interesting ... an internet worm named after a sausage?