Advanced Heuristic and Bagle F-G

Discussion in 'NOD32 version 2 Forum' started by Tekl, Mar 3, 2004.

Thread Status:
Not open for further replies.
  1. Tekl

    Tekl Registered Member

    Joined:
    Jan 12, 2004
    Posts:
    16
    Hello,

    the German page www.nod32.de claims that Bagle will be detected by the advanced heuristic. Is that true? On www.nod32.com there's no such statement.

    Tekl
     
  2. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    FWIW both the Aussie and USA site specifically say for Bagle.A and B: "...one of a long series of worms that NOD32 detects using a unique “Advanced Heuristics”, which means that all NOD32 users are protected against this worm from the time it was released in the wild." Perhaps they haven't specifically included this blurb for all the other variants since specific signature updates have been coming virtually daily it seems.

    Additionally, this update appears to have added a signature for generic detection, as some other AVs have done:

    NOD32 - v.1.639 (20040228)
    Virus signature database updates:
    Win32/Bagle.E, Win32/Bagle.gen

    As for specific signatures, today's latest signature update:
    v.1.649 (20040303)
    Virus signature database updates:
    Win32/Bagle.K, Win32/Mydoom.H

    Perhaps someone from ESET can provide a more precise answer to your question.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    To put it right, please see that only variant A was detected using AH:
    Win32/Bagle.A is one of a long series of worms that NOD32 detects using a unique “Advanced Heuristics”, which means that all NOD32 users are protected against this worm from the time it was released in the wild
     
  4. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    If only Bagle.A is detected with AH, perhaps ESET should correct this statement appearing on its site:

    "Win32/Bagle.B is one of a long series of worms that NOD32 detects using a unique “Advanced Heuristics”, which means that all NOD32 users are protected against this worm from the time it was released in the wild."

    http://www.nod32.com/msgs/bagleb.htm
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    OK, I scanned all Bagle variants and found out that both A and B were detected by AH. Sorry for the confusion.
     