Does the NOD32 team have the W32.AntiWinny.kintama sample?

Discussion in 'NOD32 version 2 Forum' started by tempnexus, Apr 4, 2004.

Thread Status:
Not open for further replies.
  1. tempnexus

    tempnexus Registered Member

    Joined:
    Apr 16, 2003
    Posts:
    280
    Looks like it's going to be nasty; just wondering if they are on the ball.

    From the inq:
    A REPORT ON the Mainichi Daily News web site says that a virus called Kintama is picking up details of P2P chat room users' PC screens and then spreading the details worldwide.
    Winny - a popular file sharing program in Japan - is being particularly hard hit by Kintama, which apparently grasps file sharers by the cojones, squeezes out bank account numbers and publishes them world wide.

    Kintama is clever enough to screen capture a person's PC once a day, and then file share it amongst other users.

    Which could be highly embarrassing and costly.

    Ouch! This does not appear to be a late April Fool's joke.
     
  2. Sumire

    Sumire Registered Member

    Joined:
    Sep 26, 2002
    Posts:
    43
    Location:
    Japan
    W32.AntiWinny.kintama is rapidly spreading via a P2P program (Winny) in Japan, and some people have suffered serious damage. Many Japanese NOD32 users reported that NOD32 couldn't detect this trojan. But this is not a serious problem, because this trojan propagates only via the P2P program (Winny), so most average users don't need to worry about this trojan. I already sent this trojan to Symantec, Ewido Security Suite and Kaspersky. If the Eset team doesn't have this trojan's sample, please let me know an e-mail address and I will submit it.

    Best Regards
     
  3. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Sumire,

    Please zip the bugger and send me a copy - my email address is in my profile. Thanks in advance ;)

    regards.

    paul
     
  4. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    interesting....

    :) I will stand down, Paul.

    Cheers :)
     
  5. Sumire

    Sumire Registered Member

    Joined:
    Sep 26, 2002
    Posts:
    43
    Location:
    Japan
    Hi, Paul

    I have sent the W32.AntiWinny.kintama sample now.

    Best Regards
     
  6. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Got it - thanks. Copy sent to Eset in the meantime.

    regards.

    paul
     
  7. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Sorry, but that is completely ridiculous thinking. The trojan could spread in any other way you can think of, including surreptitious installation with other software, browser holes, Usenet downloads, email, via IM, or anything else. Prevalence matters, but you can't have vector tunnel vision.
     
  8. Sumire

    Sumire Registered Member

    Joined:
    Sep 26, 2002
    Posts:
    43
    Location:
    Japan
    Hi, nameless

    I can understand your opinion, but I also have my opinion about W32.AntiWinny.kintama.

    First, Winny (a very popular file sharing program in Japan; I've heard that millions of people use this P2P software in Japan). More than 99.9% of Winny users use this software for illegal purposes, so other average PC users hate this software. Yes, I'm one of them.

    As for W32.AntiWinny.kintama, this trojan doesn't work correctly without Winny on the hard disk. Some programmer reverse engineered this trojan, so this is true. Many clever PC users say the best way to protect against this trojan is "Don't use Winny (P2P software)" or "Delete Winny from your hard disk".

    I know that some Japanese police officers' and fire fighters' important documents were shared on the internet by this trojan. (I know of other serious cases, too.) But no one sympathized with them, because all of them were using Winny.

    NOD32 began to support W32.AntiWinny.kintama in the recent updates. I do respect the Eset team's efforts, but W32.AntiWinny.kintama has many variants that NOD32 still can't detect, and I know many ways to make W32.AntiWinny.kintama (or any malicious program) undetected by NOD32. Should I submit all of them? I don't think so. No security software can protect perfectly from malicious programs if people use P2P programs. But I think average users don't need to care about this type of malicious program.

    BTW, W32.AntiWinny.kintama uses this exploit to execute itself.
    http://www.securitytracker.com/alerts/2004/Jan/1008843.html
    Maybe W32.AntiWinny.kintama is the first ITW malware to use this exploit; very clever.

    Best Regards
     
  9. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    I agree with nameless.
    P2P networks are VERY widely used by thousands of people in the world, and AVs need to detect as much P2P malware as they can, and for that they need the help of the people who can/want to send samples to the company.

    >Should I submit all of them? I don't think so.
    You need to do that! If not, you're a very egotistical person. Sending samples to an AV is very easy and takes little time! If you send samples, you're helping the users and the fight against hackers. The more malware an AV can detect, the better! I send a lot of samples to ESET every day. If you have undetected samples, why not send them?
     