Detection of new porn pop-ups ???

Discussion in 'NOD32 version 1 Forum' started by f_disk, Oct 30, 2002.

Thread Status:
Not open for further replies.
  1. f_disk

    f_disk Guest

    Just wondering if NOD32 plans on adding a definition to detect the new porn email pop-ups that are in the news (some have labeled it a Trojan, others say Virus).

    I know that Norton has added it to their definition list

    (http://securityresponse.symantec.com/avcenter/venc/data/ortyc.trojan.html)

    and was wondering what NOD32's take on this was?

    Thanks.
     
  2. f_disk

    f_disk Guest

    :eek:

    No reply yet from the NOD32 support staffo_O??
     
  3. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    We are fast - but hey, your question is up for say 3 hours ;). Be assured your question will be addressed :).

    regards.

    paul
     
  4. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    IMHO, it rather qualifies as spy/foistware.

    SpyBot S&D already targets it, and I'm certain the next Ad-Aware reffile (whenever that's ready) will have it as well.

    I'm not so sure whether this is indeed antivirus "food", and I wouldn't blame Eset if it were to decide to give this one a pass.
     
  5. manxaura

    manxaura Registered Member

    Joined:
    Oct 27, 2002
    Posts:
    21
    Location:
    Australia
    :)


    My few bobs worth!!!!!!!!

    NOD is Best at what it does now and I like that I think it best to have a layer of programs to defend agianst the various attackes , the all in one type programs like Norton make always seem to fall short. may I suggets a line up like this.

    * NOD32 primary anti Virus
    * Pest patrol for nasties, trojons & back doors
    * Adaware for spy adds
    * Popup cop to eliminate the popups on the www
    * Anti key logger to make sure they are not listning
    * kerio fire wall to keep the kiddy hackers out.
    * oh yes DrWEB AV as my back up scanner but NOD is yet to ever let me down.

    Ok that's half my task bar icons listed lol

    let me know if you need help finding any of these online
     

    Attached Files:

  6. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Well f_disk,

    Let me throw in a quote from Magnus Mischel, designer from the antitrojan TrojanHunter: "spyware".

    I'm with Tony here:

    regards.

    paul
     
  7. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Hi f_disk,


    we are working on that....

    regards, :)

    jan
     
  8. f_disk

    f_disk Guest

    Paul,

    Thanks for the response. The quote that you posted was actually in reply to the exact same question I posted in the TH forum:

    Said by Magnus:

    "Hi,

    I'm not sure why Symantec et al. label this a trojan - looks like spyware to me. The ActiveX control (which you have to accept before anything happens) will watch your browsing habits and download porn ads from a remote server and subsequently display them as pop-ups. It doesn't do anything other than display these ads. TrojanHunter takes care of "real" trojans which enable script kiddies/hackers/anyone else to gain remote access to your computer or any other trojan that is malicious in any way. Spyware is best taken care of by programs such as "Spybot S&D" - you may want to download that if you are worried about applets like these. That said, if you have a copy of this applet, I will be happy to take a look at it - just send it to submit@trojanhunter.com"

    So that pretty much says to me that TH will not be adding it to their detection list.

    Which brings me to NOD32......I simply asked if they were going to add it to their detection list and as of yet, no one from Eset has said yes or no....simple question........yes or no? I have read the opinions of everyone and thank them for that, but I would like the official word from NOD32......this is the official support forum isn't it?
     
  9. f_disk

    f_disk Guest

    Thank-you Jan!
     
  10. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    ...and there it is ;). Thanks Jan!

    regards.

    paul
     
  11. f_disk

    f_disk Guest

    My question is slipping to the bottom.....................

    Jan, does "we're working on it" mean:

    #1 We are working on adding it to the definitions

    or

    #2 We are working on an answer to your questiono_O??
     
  12. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Well, the source webpage:

    http://www.surprisecards.net/viewcard.htm

    is already down and we are checking how are the possibilities of spreading that thing....

    Cheers, :cool:

    jan
     
  13. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743

    I will be happy to send it to anyone..but first I need you credit card number. :rolleyes:
     
  14. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    Where do we draw the line with what we detect/don't detect ? Do we try to include every Trojan ever written, plus all the spyware and porn dialers and browser hijackers and joke programs and key generators and program crackers and ad popups and homepage replacers and all the other malware/nastyware/pestware in the world ... or do we concentrate on maintaining NOD32's record as the world's best and fastest _virus_ detector ?

    Some years ago, certain antivirus spin doctors needed a new slant to give their flagging programs a boost. Some advertising whiz kid hit on the idea of totally unnecessary archive scanning, and the marketroids touted it into a "desirable" feature. Users fell for the spiel en masse ... never mind that antivirus programs became slower and even more bloated then ever ... who cares, as long as they scan inside 3000 different archivers to a depth of 600*10 ?

    The bottom line is that you could have ten thousand zipped viruses on your hard drive for ten years and not one of them would cause a problem unless you unzipped it ... at which time a decent antivirus program would block its execution and tell you it was a virus.

    Personally I think scanning inside archives is a crock we could do without ... but computer user wish lists largely dictate what we do and don't do with NOD32, so we're stuck with it until they accumulate the collective wisdom to see some of the useless "features" touted as desirable and/or essential by antivirus spin doctors for the snake oil they really are.

    [RantMode OFF]
     
  15. Scotcov

    Scotcov Guest

    rodzilla,
    Although I don't use your excellent antivirus at this point, I can't tell you how I appreciate your last post. I had never thought about the archive scanning. I just used it, thinking I needed to, and waited, and waited, and waited.
    Thank you for giving us the benefit of your knowledge.
    I think when my license expires with my current av, I've gotta make the switch.

    Scotcov
     
  16. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    That was not a rant ;)...but rather a breath of fresh air.
     
Thread Status:
Not open for further replies.