New Outbreak - Advanced heuristics scores again

Discussion in 'NOD32 version 2 Forum' started by Marcos, Apr 14, 2005.

Thread Status:
Not open for further replies.
  1. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    3 hours ago, we noticed a new outbreak of a mass-spammed threat picked up by advanced heuristics.

    Shortly after, a new update 1.1062 was issued and the threat has been detected as Win32/TrojanDownloader.Small.ZL trojan since.
     

    Last edited: Apr 15, 2005
  2. Security Freak

    Security Freak Registered Member

    Joined:
    Apr 14, 2005
    Posts:
    83
    I hate trojans. This Small attacked my PC two weeks ago when I had another AV and I turned it off to install a huge video editor. These trojans are always searching for a PC without protection; in 1 minute you can be targeted. :oops:
     
  3. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    Ah now I know why I got the 2nd update - I just said to myself "hmm I got one only a few hours ago.." lol.. well good work and love that AH.
     
  4. 4now

    4now Registered Member

    Joined:
    Oct 9, 2004
    Posts:
    89
    Two infected emails arrived around 4:30 central Canada. I deleted one remotely and didn't notice the second. I was glad that NOD detected it with heuristics -- I was also surprised that OutPostPro 2.6 jumped in.

    Also -- the two updates arrived shortly, along with Marcos' post.

    I know I made the right purchases.
     
  5. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    That is awesome!!!
     
  6. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    Gotta love Eset. They have been belting out the updates like crazy lately; if it continues this way we'll be near KAV in no time!!! Go NOD
     
  7. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    Good stuff, excellent to see that things are working as intended
    NOD is still a very good part of an overall security solution

    The next thing that would be great to see is a partnership with Sysinternals and incorporation of RootKitRevealer into the AV engine so that the easy option for rootkits trying to hide in plain sight wouldn't be a particularly good option...

    NB: I'm sure this has been fed back many times already....
     
  8. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Hehe - I guess it's very normal now that NOD gets all the malware without signatures!!!

    You gotta love the heuristics engine, it's just so darn great!!!
     
  9. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Good work ESET! :D
     
  10. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Very reassuring :) Certainly helps me to know NOD is detecting before we get anything nasty :cool: Thanks for posting this as it does help to see the live action.
     
  11. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Yeah, it's obvious to me that the people at Eset have been working hard lately. I am glad I switched back to NOD32, that's for sure. (So is my CPU.)
     
  12. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I Love Nod32, it just saved a work system from being infected, even though Trend Micro said the file was clean...

    Cheers :D
     
  13. waters

    waters Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    934
    Is this really new?
    A search for this name tells me it has been around some time.
    Am I missing something?
     
  14. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Trend Micro always used to say that my PC was clean, however when I switched to eScan it immediately found a few trojans. I don't trust Trend much anymore.
     
  15. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    New or old - NOD detected it without needing a signature. Except for unplugging your PC and not turning it on, there's no better protection than that.
     
  16. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    You mean you would have opened that archive and run whatever was inside otherwise?
     
  17. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    I do that sometimes when I'm clicking at random - doesn't everyone?
     
  18. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    You're joking, right? No, I never do that.
     
  19. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    You mean you run a Jotti's scan before opening it? o_O

    If my AV does not detect anything, I normally do open it.
     
  20. Happy Bytes

    Happy Bytes Guest

    TM has lots of ppl in the virus lab - mostly so-called 'trainees'.
    Almost no senior staff there. I know most of the ppl there. Don't ask why ;)

    They add signatures until the devil escapes hell. The scan engine has been the same for years. Problems with complex malware such as EPO Driller viruses, Uruguay viruses (which are one of the most complex viruses ever under DOS), unpacking etc...

    They are surprisingly good with detecting spyware stuff - I do not want to comment anymore on this, 'cause I'm biased.
     
  21. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    No, as stated in that post, it fooled my fiancé into opening it, she is a little wiser after the experience, and is slowly learning, a newbie to computers.

    Cheers :D
     
  22. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    :eek::eek::eek::eek:

    I just absolutely love your choice of words there :)

    I'll agree there. I don't think Trend's unpack engine does anything more than unpacking UPX!!!

    Definitely not better than NOD32 :D
     
  23. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    No, I wouldn't open it at all unless I was expecting it, within reason, and it appeared to be from someone I knew.
     
  24. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Yes - That's the best form of rational thinking, I agree :)

    (I'm not speaking negatively)
     
  25. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Hi there, I had the same experience with Yahoo mailbox and they use Norton AV 2005!! If I could KISS NOD32 I would :-* LOL.

    Of all the security software I use, NOD32 stopped it FIRST!!!!! :D :p

    dagolag
     