Congratulations for Heuristics :D

Discussion in 'NOD32 version 2 Forum' started by pykko, Sep 27, 2005.

Thread Status:
Not open for further replies.
  1. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    Oh yeah, sure, but the way I read the article was that there were 2 different worms on the loose, rather than just 1 worm with 2 names. Maybe I'm just reading it wrong, cheers.
     
  2. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    If all this were not enough.... :p
     

    Attached Files:

    • 13.GIF (6 KB, 495 views)
  3. kalpik

    kalpik Registered Member

    Joined:
    May 26, 2005
    Posts:
    369
    Location:
    Delhi, India
  4. GuruGuy

    GuruGuy Registered Member

    Joined:
    Jun 18, 2005
    Posts:
    48
    Didn't catch this from 1 minute ago:



    Scanner                 Malware name
    AntiVir                 Worm/Sober.Q.1
    ArcaVir                 Worm.Sober.S
    Avast                   Win32:Sober-Q
    AVG Antivirus           X
    BitDefender             Win32.Sober.S@mm
    ClamAV                  X
    Dr.Web                  BACKDOOR.Trojan
    F-Prot Antivirus        W32/Sober.R@mm
    Fortinet                W32/VB.GR-pws
    Kaspersky Anti-Virus    Email-Worm.Win32.Sober.s
    NOD32                   X
    Norman Virus Control    X
    UNA                     X
    VBA32                   Email-Worm.Win32.Sober.s
     
  5. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    Last file scanned at least one scanner reported something about: Regis.info.zip, detected by:

    Scanner                 Malware name
    AntiVir                 Packer/MEW
    ArcaVir                 X
    Avast                   Win32:Sober-S
    AVG Antivirus           X
    BitDefender             Win32.Sober.S@mm.Dropper
    ClamAV                  X
    Dr.Web                  X
    F-Prot Antivirus        X
    Fortinet                X
    Kaspersky Anti-Virus    Trojan-Dropper.Win32.VB.iw
    NOD32                   a variant of Win32/Sober
    Norman Virus Control    W32/Suspicious_M.gen
    UNA                     X
    VBA32                   X

    You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,435
    It seems the file was not actually detected as an eml file due to some unusual MIME tags, hence it was not scanned internally. Here is a result from scanning at Jotti's and a result from my NOD32.

    The results should always be taken with a grain of salt.
     

    Attached Files:

  7. GuruGuy

    GuruGuy Registered Member

    Joined:
    Jun 18, 2005
    Posts:
    48
    So why doesn't NOD detect it..........email or not, it should have been caught.........right o_O
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,435
    As you can see, I scanned the email file with my NOD32 and it was detected.
     
  9. GuruGuy

    GuruGuy Registered Member

    Joined:
    Jun 18, 2005
    Posts:
    48
    Your scan shows it as the Sober.R worm and in the jotti's scan it is identified by all as sober.S worm............are you sure you're scanning the same file?
     
  10. GuruGuy

    GuruGuy Registered Member

    Joined:
    Jun 18, 2005
    Posts:
    48
    I stand corrected.............looks like there are quite a few variants of it in the screenshot I posted..............Q, R, S..........etc.
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,435
    One variant, different names given by different AV vendors.
     
  12. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,662
    Location:
    Throughout the USA and Canada
    exactly why the naming convention might be a REALLY good idea... time will tell if it ever works though...
     
  13. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,662
    Location:
    Throughout the USA and Canada
  14. Mover

    Mover Registered Member

    Joined:
    Oct 1, 2005
    Posts:
    171
    Dumb question... which site are you guys going to, to get all the stats that are posted above o_O
     
  15. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,734
    Location:
    Toronto Canada
    Not dumb at all. The info in at least some of the posts is from here. http://virusscan.jotti.org/ :D
     
  16. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    ok...u've discussed enough on that picture...now talk on this one. :p :D
     

    Attached Files:

    • 14.GIF (6 KB, 416 views)
  17. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,435
    We could post here many examples, for instance, this new Mytob worm variant being spread right now:
     

    Attached Files:

    • vt3.jpg (62.2 KB, 447 views)
  18. kalpik

    kalpik Registered Member

    Joined:
    May 26, 2005
    Posts:
    369
    Location:
    Delhi, India
  19. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,435
    There are already enough examples of how effective advanced heuristics is, so I suggest not posting any more screenshots here.
     