i tested nod32 for a trojan on firewallleaktester.com. although it is for firewall testing,almost every antivirus i have tested detected copycat.exe as a trojan. nod32 could not recognise it. i even found its name in viruslist.com as below Exploit.Win32.Copycat.a Aliases Exploit.Win32.Copycat.a (Kaspersky Lab) is also known as: Exploit.Win32.Copycat ( Kaspersky Lab), TROJ_COPYCAT.A (Trend Micro) i even scaned that file with nod32 but yet it did not detected as a threat.
is the copycat.exe file a "test file" kind of like the eicar testing files? if it is not a real threat, nod32 may not detect it because it knows it will not cause any harm. if it is a real threat, submit the file to sample@nod32.com so they can analyze it.
i told the eset tech support,but they said that it does not effect windows xp. but i have got the details below CopyCat Overview Vendor Description from the doc: 'Like Thermite, copycat uses direct code injection (without creating an additional thread) into a web browser to prevent to be catched by firewall.' Alias Hacktool Program [Panda], Category Probe Tool : A tool that explores another system, looking for vulnerabilities. While these can be used by security managers, wishing to shore up their security, the tools are as likely used by attackers to evaluate where to start an attack. An example is an NT Security Scanner. Misc Tool: Any tool that might be used in planning an attack on a system, developing tools for such an attack, or performing it. Origins Author BugsBunny Email bugsbunny@e-mail.ru URL http://mc.webm.ru/ Date of Origin Author BugsBunny Email bugsbunny@e-mail.ru URL http://mc.webm.ru/ Date of Origin February, 2004
Hi ashishtx, Have you sent a sample of this file (archived and encrypted - tell the lab what password you chose) with a brief explanation to sample@eset.com? Bandicoot.
