NOD2 and VBA32 miss new Bagle Variant

http://www.dslreports.com/forum/remark,14346909

 

Never mind, NOD32 does detect it xD

 

I checked the file at Jotti's when there were only 2 AV that detected it, KAV was not among them. Anyway, it was only a dropper and subsequently dropped file was flagged as Bagle.BI, so it wasn't actually a severe threat.

 

I had this one show up in my inbox yesterday too as price.zip. I'm also seeing lots of Padobot (aka Korgo) worms showing up.

Ned

 

It was detected by VBA32 heuristic on level 3 ("excessive") , but scanner on Jotti's site is configured to use level 2. You can scan your files using our online scanner at http://anti-virus.by/check/ (sorry, but only in russian yet), it's configured to use level 3 of heuristics analyzer.

 

Important point, and one of the reasons why VBA32 tests so high in my own testings, I use aggressive heuristics. Also i've noticed Jotti uses Linux version, which I think makes a difference, he really should be running Windows versions of all products.

VBA32 does exceptionally well on outbreak detections we run here. One of the few, if not the only - to offer Zero-Hour protection for tons of threats. (once again, based on experiances in this specific lab)

 

100% True, Paranoia heuristics in VBA32 is impressive!.