TextRange[1].htm

Discussion in 'NOD32 version 2 Forum' started by De Hollander, Apr 3, 2006.

Thread Status:
Not open for further replies.
  1. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
    Hello,

    I have a file that nod32 reports clean.

    With a online scan from Kaspersky : Exploit.JS.CVE-2006-1359.a

    Virustotal:
    Antivirus Version Update Result
    AntiVir 6.34.0.14 04.03.2006 no virus found
    Avast 4.6.695.0 04.03.2006 no virus found
    AVG 386 03.31.2006 no virus found
    Avira 6.34.0.54 04.03.2006 no virus found
    BitDefender 7.2 04.03.2006 Exploit.HTML.CreateRange.Gen
    CAT-QuickHeal 8.00 03.31.2006 no virus found
    ClamAV devel-20060202 04.03.2006 Exploit.JS.CVE-2006-1359
    DrWeb 4.33 04.03.2006 Exploit.CVE1359
    eTrust-InoculateIT 23.71.118 04.02.2006 no virus found
    eTrust-Vet 12.4.2146 04.03.2006 JS/VU876678!exploit
    Ewido 3.5 04.03.2006 Not-A-Virus.Exploit.JS.CVE20061359.a
    Fortinet 2.71.0.0 04.03.2006 HTML/CreateTxtRng.A!tr
    F-Prot 3.16c 03.30.2006 JS/CVE-2006-1359.A@expl
    Ikarus 0.2.59.0 04.01.2006 no virus found
    Kaspersky 4.0.2.24 04.03.2006 Exploit.JS.CVE-2006-1359.a
    McAfee 4731 03.31.2006 no virus found
    NOD32v2 1.1467 04.02.2006 no virus found
    Norman 5.90.15 03.31.2006 no virus found
    Panda 9.0.0.4 04.02.2006 no virus found
    Sophos 4.04.0 04.03.2006 no virus found
    Symantec 8.0 04.03.2006 Bloodhound.Exploit.61
    TheHacker 5.9.7.124 04.03.2006 no virus found
    UNA 1.83 03.30.2006 no virus found
    VBA32 3.10.5 04.03.2006 no virus found


    When I look at the virus signature database updates from Nod32:
    1.1457 (20060324) JS/Exploit.CVE-2006-1359
    1.1466 (20060331) JS/Exploit.CVE-2006-1359 (7),

    I have already send the file towards samples@nod32.com / support@nod32.com / servis@eset.sk with the subject : Sample, and that the file was encrypted with a password.( "infected" )

    My question is:
    Is this file part of the Zero Day IE Exploit?, ..and if so why does nod32 report this file clean.
     
    De Hollander, Apr 3, 2006
    #1
  2. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    Probably because this version is not detected by the current signature used by NOD. But it could be a false positive as well... o_O

    BTW Ja lekker, doe maar een Brand :D
     
    SSK, Apr 3, 2006
    #2
  3. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
    :D :D

    Virus signature database updates: 1.1468 (20060403)

    F:\Downloads\TextRange[1]\TextRange[1].htm - JS/Exploit.CVE-2006-1359 trojan

    Its time to take a beer, perhaps a Brand:D

    Thank you. :thumb:
     
    De Hollander, Apr 3, 2006
    #3
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...