Backdoor.Hackarmy.gen not detected by many

Discussion in 'other anti-virus software' started by Mack Jones, Jul 25, 2004.

Thread Status:
Not open for further replies.
  1. Mack Jones

    Mack Jones Registered Member

    o_O

    Gents,
    I've heard about a new virus called Backdoor.Hackarmy.gen by KAV online scanner, which is not detected by DrWeb online, NOD32 [EDIT: NOW DETECTED BY NOD] ...but by McAfee and by Norman heuristically using its sandbox.
    Take care, it's a 12 ko archive named "ArnoldSchwarzenegger.zip".
     
    Last edited: Jul 26, 2004
  2. rerun2

    rerun2 Registered Member

    The latest variant seems to have been added in today's update.

    25.07.2004 Twenty-sixth add-on for Dr.Web® 4.31
    Twenty-sixth add-on increases number of Dr.Web® virus records on 224:
    BackDoor.Hackamy(15)

    http://www.sald.com/news1.html
     
  3. Mack Jones

    Mack Jones Registered Member

    Hell !
    something's wrong...
    here is what I get:

    Virus records: 52557
    ArnoldSchwarzenegger.zip - archive ZIP
    >>ArnoldSchwarzenegger.zip/Arnold Schwarzenegger.scr - Ok
    ArnoldSchwarzenegger.zip - Ok

    online scanner test at 10:57 PM (GMT)
     
  4. JimIT

    JimIT Registered Member

    This is detected by NOD32 as of this writing.

    EDIT: The version detected is a variant. At this end, as of now, the above file isn't detected by NOD32--at least not on my box.
     
    Last edited: Jul 25, 2004
  5. Mack Jones

    Mack Jones Registered Member

    thank you for your help JimIT ! :)
     
  6. rerun2

    rerun2 Registered Member

    Maybe it is not the same as the sample you have o_O
    Might be time for submission perhaps?... http://www.dials.ru/english/support/
     
  7. Mack Jones

    Mack Jones Registered Member

    DrWeb detects it now :)

    Virus records: 52571
    ArnoldSchwarzenegger.zip - archive ZIP
    >>ArnoldSchwarzenegger.zip/Arnold Schwarzenegger.scr infected BackDoor.Hackamy

    What about NOD32 ? (my licence expired)
     
  8. illukka

    illukka Spyware Fighter

    Backdoor.Hackarmy.gen = a GENERIC detection of the KAV engine. This means that it's a large signature to detect many different variants of the same backdoor.
     
  9. Mack Jones

    Mack Jones Registered Member

    Thank you Illukka for this remark :)
    That proves that KAV is a step ahead in terms of sig. detection

    I just hope Eset will include it as soon as possible.
     
  10. kloshar

    kloshar Registered Member

    Norman Virus Control is a real great thing! Strange that it isn't as well-known as KAV or F-Prot.
     
  11. alien8

    alien8 Registered Member

    Hi,

    As a side note to this, you could submit the file here:

    http://virusscan.jotti.dhs.org/

    OsamaFoundDead.zip has been submitted 11 times already but it's a good
    site to use when you have a new virus that doesn't seem to be picked up,
    as it scans with various AV vendors.

    Don't abuse the service as Jotti is doing all this for free!

    ClamAV (and other AV vendors on the site) also get to see the "missed"/"new" viruses that people submit using the service, so we can all benefit :)

    Cheers,

    Steve
     
  12. Mack Jones

    Mack Jones Registered Member

    Well, I would say due to its flaws when it comes to finding ITW viruses.
    Norman shows to be -Excellent- in heuristic, only good for ITW.

    And I think I'll choose NVC instead of renewing my NOD32 licence ;)
    but it's worth 60 bucks... :doubt:
     
  13. JimIT

    JimIT Registered Member

    Yes, it's detected now.
    ;)
     
  14. minacross

    minacross Registered Member

    eTrust detects it since yesterday (I think :rolleyes: :doubt: )

    Info.
     
  15. kloshar

    kloshar Registered Member


    What is an ITW ?
     
  16. Stephan123

    Stephan123 Registered Member

    Avast can't detect this one :-(
     
  17. minacross

    minacross Registered Member

  18. minacross

    minacross Registered Member

    how is that? It's added on July 23 :rolleyes:
    VPS history
     
  19. Mack Jones

    Mack Jones Registered Member

    Maybe a variant...
    I got one but I'll not post it here, and you know why :rolleyes:
    This file comes with an archive called ArnoldSchwarzenegger.zip

    Edit:
    Now this topic could be closed, this trojan is now detected by most vendors.

    AntiVir BDS/Hackarmy.D (1.23 seconds taken)
    BitDefender Backdoor.SDBot.Gen (probable variant) (3.11 seconds taken)
    ClamAV Trojan.SdBot.Gen-94 (5.13 seconds taken)
    Dr.Web BackDoor.Hackamy (6.31 seconds taken)
    F-Prot Antivirus security risk or a "backdoor" program (0.37 seconds taken)
    F-Secure Anti-Virus Backdoor.Hackarmy.gen (4.02 seconds taken)
    Kaspersky Anti-Virus Backdoor.Hackarmy.gen (3.92 seconds taken)
    McAfee VirusScan BackDoor-AZV (3.02 seconds taken)
    Norman Sandbox: W32/Backdoor

    ;)
     
    Last edited: Jul 26, 2004
  20. dos

    dos Registered Member

  21. illukka

    illukka Spyware Fighter

    I'd say it proves just that KAV has received more samples of this backdoor than other vendors. You really need a lot of samples/variants to make a generic detection that is worth something.. a LOT that is
     
  22. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Hackarmy is a (slightly) stripped down variant of SDBot ;)
     
  23. Stephan123

    Stephan123 Registered Member

    No. Avast can't detect him now. He only detects Osamafoundead and not the Arnold file
     
  24. Benvan45

    Benvan45 Registered Member

    Sorry not to see Panda mentioned, as Titanium caught this bugger right away.

    Panda is doing a great job for me for a long time already and it surprises me not to read much about it!
    Great scanner, light, fast, simple, great updates, malware detection, mail scan! It's not highly configurable, but it does the job perfectly as far as I'm concerned.

    ;)

    Putin
     
  25. Blackcat

    Blackcat Registered Member
