Is it really a virus?

Discussion in 'NOD32 version 2 Forum' started by Devlin7, Jun 22, 2005.

Thread Status:
Not open for further replies.
  1. Devlin7

    Devlin7 Registered Member

    Joined:
    Jun 7, 2005
    Posts:
    33
    Hi,

    I have recently purchased a site license for NOD32 but have not deployed it fully yet.

    On our Proxy/ISA and mail server we are still running Etrust AV + ETRUST gateway AV. [By the way it is fully up to date]

    I got an alert from NOD32 running on one of our terminal servers indicating a user had just been sent the phishing virus.

    The thing that interests me is that the virus[?] got through the firewall antivirus with packet inspection. It then got through the gateway AV and also the etrust Exchange AV.

    Is this really a virus?

    Program Virus Alert EMON - Microsoft Outlook email monitor triggered on Termserv1: computerfrom: support_num_7 at lasallebank.com to: Office with subject LaSalle Bank: Account Update dated 06/23/2005 13:32 infected with HTML/Phishing.gen trojan.
     
    Last edited by a moderator: Jun 23, 2005
  2. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    IMO - consider it a trojan because it is used to capture user information by stealth/deception. Normally Phishing.gen are not automatic in the collection of this information; normally they require user input.
     
  3. Devlin7

    Devlin7 Registered Member

    Joined:
    Jun 7, 2005
    Posts:
    33
    Interesting, I wonder why E-trust fails to pick it up. Even more interesting how it gets through the firewall.

    I guess this is the reason I am uninstalling CA and installing NOD32. :)
     
  4. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Computer Associates probably considers it spam or spyware, so their PestPatrol or Secure Content Manager programs would be the ones in charge of picking that up.
     
  5. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    Another reason the combined approach of AV/AT/AS in NOD32 is better for end users... it also costs less than the multi-tool approach...
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    HTML Phishing trojans are pure HTML emails without malicious code (so far) whose aim is to deceive the recipient and elicit confidential information from him by pretending to be sent from a bank or another authority.
     