ByteVerify.exploit

Discussion in 'NOD32 version 2 Forum' started by redwolfe_98, Dec 10, 2004.

Thread Status:
Not open for further replies.
  1. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    it seems that nod32 does not detect "byteverify.exploit":
    http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=36725

    someone posted a thread about a website where they encountered "byteverify" exploit:
    http://www.dslreports.com/forum/remark,12057018~mode=flat

    the webpage in question is (if you are using an old, outdated, unpatched version of ms virtual machine, do not go to the website):
    http://.

    i could be wrong about nod32's not detecting byteverify.exploit..

    Please don't post links to sites with viruses or exploits--Ron
     
    Last edited by a moderator: Dec 10, 2004
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    64,248
    Location:
    Texas
    NOD32 - v.1.905 (20041024)
    Virus signature database updates:
    Exploit.HTML/Mht.AH, IRC/SdBot.CKP, IRC/SdBot.CKQ, IRC/SdBot.CKR, Java/Exploit.Bytverify.H, Win32/Bizten.NAA, Win32/Hackarmy.AS, Win32/Pahador.B, Win32/Rbot.BCE, Win32/SpyBot.AMN, Win32/TrojanDownloader.Swizzor.BT

    You can check the NOD updates section for info when in doubt.

    NOD32
     
  3. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
  4. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    i used to use etrust ez av, and it would throw up alerts occassionally for "byteverify.exploit".. i reinstalled etrust to see if it would detect the exploit at the cited website and throw up an alert, but i had the same results with it that i did with nod32.. with ms virtual machine off, the page loads, no alerts; with ms virtual machine on, the page does not load, and no alerts..

    oh well..

    i am not seeing a search feature at the nod32 website..
     
    Last edited: Dec 11, 2004
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I can't get either link to load with my security settings.

    Cheers :D
     
  6. quexx88

    quexx88 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    235
    Location:
    Radnor, Pennsylvania
    I went to the website in question in IE6 with Java enabled, and NOD32 caught the infected file through IMON and terminated the connection. So no worries :)
     
  7. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    thanks, quexx88.. that is good to hear.. :)
     
  8. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,661
    Location:
    Throughout the USA and Canada
    Redwolfe_98 - how are your settings configured....

    the page in question was indeed blocked as quexx88 pointed out - but I was initially unaware as imon - http - actions were set to automatically deny - changing them to "display warning with action selection" will yield the familiar red NOD32 box on viewing that particular page.

    hth

    Greg Hewitt-Long
     
  9. ShunterAlhena

    ShunterAlhena Registered Member

    Joined:
    Aug 1, 2004
    Posts:
    134
    Location:
    Szigethalom, Hungary
    Got it, IMON popped up and warned me of multiple infections. I was relieved.
    (Screenshot follows.)
    IMON settings on default, except I have Advanced Heuristics enabled and normal heuristics set to Deep.

    EDIT: Blurred URL to avoid breaking forum rules
     

    Attached Files:

Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.