There is a new sasser.F out. :) Get on the ball. :)

Discussion in 'NOD32 version 2 Forum' started by tempnexus, May 11, 2004.

Thread Status:
Not open for further replies.
  1. tempnexus

    tempnexus Registered Member

    Joined:
    Apr 16, 2003
    Posts:
    280
    McAfee: W32/Sasser.worm.f
    »us.mcafee.com/virusInfo/default.asp?id..

    Trend: WORM_SASSER.F
    http://www.virusportal.com/com/virusinfo/encyclopedia/overview.aspx?idvirus=47311

    Panda: Sasser.F
    http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=125095
    F-Secure: Sasser.F
    »www.f-secure.com/v-descs/sasser_f.shtml

    Sophos: W32/Sasser-F
    »www.sophos.com/virusinfo/analyses/w32s..

    Computer Associates: Win32.Sasser.F
    http://www3.ca.com/threatinfo/virusinfo/virus.aspx?id=39098

    VSAntivirus: W32/Sasser.F. Modified variant of the Sasser.A
    Spanish: »www.vsantivirus.com/sasser-f.htm
    English: »babelfish.altavista.com/babelfish/trur..
     
  2. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Tempnexus,

    Are you trying to imply that NOD32 is not on top of this one yet??
     
  3. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    It is covered by today's defs.
     
  4. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    I've already referenced this issue in other posts, but why doesn't NOD32 detect SASSER using heuristics? Why does it have to rely on defs?
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,739
    Location:
    Texas
    Here is some info I found on Nod heuristics.

    'NEW GENERATION' ANTIVIRUS SOFTWARE BLOCKS MOST VIRUSES, WITHOUT UPDATES
    Netsky, Bagle, MyDoom, Hiton, Sobig, Nimda, Swen etc. no threat to NOD32 users
    March 7, 2004
    NOD32's new 'next generation' antivirus software has detected > 80% of all new in-the-wild viruses in the last six months without needing specific signature updates, and without 'false-alarms'.

    In this era of fast infecting, mass-emailing viruses, any delay in providing protection can have a huge impact on virus spread. NOD32's performance in stopping most viruses without any need for a signature update is highly significant.

    'While most antivirus makers were scrambling to create signature updates NOD32 users were already protected even before anyone knew what these infections were.' commented Kirk Parker, NOD32 Corporate's Technical Manager.

    'Many antivirus products use a combination of signature and heuristic detection methods, but few give much attention to the heuristic side,' commented Richard Marko, NOD32's head of Strategic Development.

    NOD32 antivirus is the exception, with new, world-leading technology in both signature and heuristic detection. NOD32 was able to block these latest infected messages using its 'Advanced Heuristics', detecting more than 80% of new 'in-the-wild' viruses without a signature update. Viruses pre-detected by NOD32's heuristics include LoveLetter, Marburg, Badtrans, Swen, Bugbear, Sobig, Kournikova, Lovsan, Lablan, Mapson, Sobig Mimail, Klez, Sircam, Nimda, Bagle and Netsky. Signature updates are released as often as needed.

    NOD32 has been awarded more VB100% awards (by Virus Bulletin Magazine UK) than any other antivirus product, and actually has not missed a single 'in-the-wild' virus in over 5 years of testing by Virus Bulletin Magazine.

    http://www.newsmedianews.com/software.htm#nod32
     
  6. tempnexus

    tempnexus Registered Member

    Joined:
    Apr 16, 2003
    Posts:
    280
    Well, yes and no. Since I didn't get the strain, I was unable to send it to NOD32 for early detection. Thus posting this info seemed like a good idea for users who use NOD32. It also gave a bit more incentive for NOD32 to search out the strain and update it... as you can see, it took them 2.5 days but it's there (that is the reason why I posted... just in case NOD32 gets the file late, at least users who got infected can see how to manually clean it). I am not saying that NOD32 lags; frankly, NOD32 has been on the ball with most of the malware out there, but once in a while someone somewhere falls asleep.
     