ByteVerify.exploit

Discussion in 'NOD32 version 2 Forum' started by redwolfe_98, Dec 10, 2004.

Thread Status:
Not open for further replies.
  1. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    it seems that nod32 does not detect "byteverify.exploit":
    http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=36725

    someone posted a thread about a website where they encountered "byteverify" exploit:
    http://www.dslreports.com/forum/remark,12057018~mode=flat

    the webpage in question is (if you are using an old, outdated, unpatched version of ms virtual machine, do not go to the website):
    http://.

    i could be wrong about nod32's not detecting byteverify.exploit..

    Please don't post links to sites with viruses or exploits--Ron
     
    Last edited by a moderator: Dec 10, 2004
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,721
    Location:
    Texas
    NOD32 - v.1.905 (20041024)
    Virus signature database updates:
    Exploit.HTML/Mht.AH, IRC/SdBot.CKP, IRC/SdBot.CKQ, IRC/SdBot.CKR, Java/Exploit.Bytverify.H, Win32/Bizten.NAA, Win32/Hackarmy.AS, Win32/Pahador.B, Win32/Rbot.BCE, Win32/SpyBot.AMN, Win32/TrojanDownloader.Swizzor.BT

    You can check the NOD updates section for info when in doubt.

    NOD32
     
  3. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
  4. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    i used to use etrust ez av, and it would throw up alerts occasionally for "byteverify.exploit".. i reinstalled etrust to see if it would detect the exploit at the cited website and throw up an alert, but i had the same results with it that i did with nod32.. with ms virtual machine off, the page loads, no alerts; with ms virtual machine on, the page does not load, and no alerts..

    oh well..

    i am not seeing a search feature at the nod32 website..
     
    Last edited: Dec 11, 2004
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I can't get either link to load with my security settings.

    Cheers :D
     
  6. quexx88

    quexx88 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    235
    Location:
    Radnor, Pennsylvania
    I went to the website in question in IE6 with Java enabled, and NOD32 caught the infected file through IMON and terminated the connection. So no worries :)
     
  7. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    thanks, quexx88.. that is good to hear.. :)
     
  8. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    Redwolfe_98 - how are your settings configured....

    the page in question was indeed blocked as quexx88 pointed out - but I was initially unaware as imon - http - actions were set to automatically deny - changing them to "display warning with action selection" will yield the familiar red NOD32 box on viewing that particular page.

    hth

    Greg Hewitt-Long
     
  9. ShunterAlhena

    ShunterAlhena Registered Member

    Joined:
    Aug 1, 2004
    Posts:
    134
    Location:
    Szigethalom, Hungary
    Got it, IMON popped up and warned me of multiple infections. I was relieved.
    (Screenshot follows.)
    IMON settings on default, except I have Advanced Heuristics enabled and normal heuristics set to Deep.

    EDIT: Blurred URL to avoid breaking forum rules
     
