Winevar update?

Discussion in 'NOD32 version 1 Forum' started by Phil, Nov 28, 2002.

Thread Status:
Not open for further replies.
  1. Phil

    Phil Registered Member

    Joined:
    Oct 24, 2002
    Posts:
    248
    Has there been an update released for Winevar? Most all major AV vendors have updated for this dangerous nasty but I can't seem to find it listed anywhere on the defs page. Are we late and. if so, why?

    Phil
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi Phil,

    Covered in the latest database update: alias is "W32/Korvar.A" ;).

    regards.

    paul
     
  3. Phil

    Phil Registered Member

    Joined:
    Oct 24, 2002
    Posts:
    248
    Kovar?? (grumble, grumble) Guess I need to hire an assistant to keep up with all the different names. :D

    Thanks for the info, Paul -- nice to know!

    Phil
     
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Phil,

    It's a bit confusing, I agree. Aliases used for this particular nastie:

    "I-Worm.Winevar, WORM_WINEVAR.A, W32/Korvar, Worm/Bride.C, W32.HLLW.Winevar"

    Glad to be of help ;).

    regards.

    paul
     
  5. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    Yep, everybody and his brother detects Winevar now; Norton even had a special rare Sunday liveupdate because of this worm: http://www.dslreports.com/forum/remark,5119964~root=security,1~mode=flat

    Symantec: W32.HLLW.Winevar
    http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.winevar.html

    McAfee: W32/Korvar
    http://vil.mcafee.com/dispVirus.asp?virus_k=99819

    Trend Micro: WORM_WINEVAR.A
    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WINEVAR.A

    Panda Software: W32/Winevar
    http://service.pandasoftware.es/library/card.jsp?Virus=W32/Winevar

    Sophos: W32/Winevar-A
    http://www.sophos.com/virusinfo/analyses/w32winevara.html

    DialogueScience (DrWeb): Win32.HLLM.Seoul
    http://www.dials.ru/english/inf/virus.php?id=18

    (although KAV detects this worm as I-Worm.Winevar, I can't find a Kaspersky reference). AVG also detects it as I-Worm/Winevar: http://www.dslreports.com/forum/remark,5123065~root=security,1~mode=flat#5123698

    That's eight different vendors I know of(make that nine, if you include NOD32); I'm sure every AV that's worth its salt has detection for this one now. NOD32 was just as timely in response as all the other major AVs. :D :D
     
  6. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    Heehee ... Paul, you left out the most important alias: Win32.HLLM.Seoul -- named by DrWeb, who apparently was first to detection. If I wanted to get you in trouble, I'd report your post to DialogueScience! :D :D
     
  7. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Ran,

    Grin..give Igor Daniloff my regards ;).

    regards.

    paul
     
  8. anders

    anders Eset Staff Account

    Joined:
    Oct 25, 2002
    Posts:
    410
    In todays Swedish class, we'll learn the meaning of "Korvar".

    "Korvar" - "Sausages"

    Repeat after me.. "korvar"..

    Best regards,
    Anders
    EuroSecure
     
  9. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    Hmmm ... interesting ... an internet worm named after a sausage? :D :D :D
     
Thread Status:
Not open for further replies.