Mydoom.a worm

Discussion in 'NOD32 version 2 Forum' started by Blackspear, Jan 26, 2004.

Thread Status:
Not open for further replies.
  1. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    This appears to be a brand spanking new worm, picked up today.

    It comes through showing an attachment, however there is no attachment, drops itself into memory, Nod detects it upon a scan only and cannot delete. It deletes AFTER rebooting.

    Cheers :D
     
    Blackspear, Jan 26, 2004
    #1
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    You might want to check out the link about the worm---my doom


    http://www.wilderssecurity.com/showthread.php?t=20465
     
    bigc73542, Jan 26, 2004
    #2
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Thanks for that, have seen a major slowdown on the internet today, maybe that is the cause...

    :D
     
    Blackspear, Jan 26, 2004
    #3
  4. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    That is a definate possibility some of these new malware put a good load on the internet when they first comeout.
     
    bigc73542, Jan 26, 2004
    #4
  5. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hello,
    NOD detect it since the 1.608 update.
     
    sir_carew, Jan 26, 2004
    #5
  6. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    Does NOD32 detect this worm with advanced heuristics?

    izi
     
    izi, Jan 27, 2004
    #6
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Yes it did with us, and now (a few hours ago) it detects it within it's virus definitions database.

    Cheers :D
     
    Blackspear, Jan 27, 2004
    #7
  8. Shelb

    Shelb Registered Member

    Joined:
    Dec 3, 2003
    Posts:
    76
    Nod saved me last night from this one as well :)
     
    Shelb, Jan 27, 2004
    #8
  9. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hi,
    In the virus description don't appear that NOD is able to detect it using AH.
     
    sir_carew, Jan 27, 2004
    #9
  10. Access Denied

    Access Denied Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    927
    Location:
    Computer Chair
    My best friend nailed it with the heuristics last nite. He got the definitions update about 30 min later. :eek:
     
    Access Denied, Jan 27, 2004
    #10
  11. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Here are the responses speed of some AVs:
    TrendMicro, el 26/01/2004 a las 23:52:29 como WORM_MIMAIL.R NOD32, el 27/01/2004 a las 00:55:43 como Win32/Mydoom.A Antigen, el 27/01/2004 a las 01:39:51 como MyDoom.A@mm Norton, el 27/01/2004 a las 01:50:13 como W32.Novarg.A@mm Kaspersky, el 27/01/2004 a las 02:08:53 como I-Worm.Novarg Sophos, el 27/01/2004 a las 02:09:19 como Win32/MyDoom-A InoculateIT, el 27/01/2004 a las 02:28:42 como Win32.Shimg.Worm Panda, el 27/01/2004 a las 05:39:04 como W32/Mydoom.A.worm McAfee, el 27/01/2004 a las 05:57:49 como W32/Mydoom@MM
    Source: Hispasec (Spanish)
    I hope that you'll understood the spanish parts.
     
    sir_carew, Jan 27, 2004
    #11
  12. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    Does NOD32 detect Win32/Mydoom.A and Win32/Dumaru.Y with advanced heuristics?

    Answer: Only Dumaru.Y
     
    izi, Jan 27, 2004
    #12
  13. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    I am afraid the answer Dumaru.Y is wrong. Due the nature of intentionally damaged zip archive (erong global headers, correct local headers) the worm has not been picked by AH in my opinion. Maybe you noticed, archive support has been updated on 26th.... Hope this has been fixed now....
     
    mrtwolman, Jan 28, 2004
    #13
  14. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    This was answer of Eset support. I think that they know.

    izi
     
    izi, Jan 28, 2004
    #14
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...