Troj/FireSpy-A -- signature naming standards

Discussion in 'NOD32 version 2 Forum' started by Dilbert_2, Aug 2, 2006.

Thread Status:
Not open for further replies.
  1. Dilbert_2

    Dilbert_2 Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    15
    I am new to NOD32, having just installed a registered version of it, so I'm still getting my 'feet wet' and may ask some stupid questions. But I may have two of them now:

    (#1) Troj/FireSpy-A is a relatively new information-stealing Trojan which specifically targets Mozilla Firefox, which I use most of the time. I think this one made its first appearance around July 24th.

    I assume NOD32 covers this threat, but I am unable to identify a reference to it in the the ThreatSense Updates listing of virus signatures (http://www.eset.com/support/updates.php). (This is the right place to look, I assume.)

    I may be using the wrong text string, but I've used "FireSpy", "FormSpy", "Firefox" to no avail. However there are some signatures with "-moz" (Chimoz-) and I was wondering if one of these might be it.


    (#2) Is there an industry-wide standard standard for referencing/naming virus signatures, or does each virusscan company come up with their own unique system of names? If so, is there any way to cross-reference them?

    Many thanks in advance. Nice forum, by the way. Been digging around in here for hours.

    Regards, Dilbert_2
     
    Last edited: Aug 2, 2006
  2. ASpace

    ASpace Guest

    Re: Troj/FireSpy-A -- signature namimg standards

    No problem , you are welcome !

    Since you are new ESET NOD32 user , please have a look at these pages :


    Make sure your NOD32 is configured on Max as showed in the links above and keep your Firefox updated . The latest version is 1.5.0.5 .You can download it from here http://www.mozilla.com/ or use the integrated update to upgrade to the neweset version .

    A quote from NOD32's faq


    Does NOD32 detect a particular virus?

    If it is a real virus and not a hoax, it is very likely that NOD32 detects it. It is essential that you always keep your NOD32 up to date so that even newly discovered viruses would be detected. To make sure it will actually be detected, please see the list of recently added virus signatures.

    Very rarely a new virus may come out that NOD32 will not detect. Within minutes, through an international organization of AV companies, we will be made aware of the potential threat. If necessary, an instant update for the particular virus will be released. After updating to the latest virus database, the danger should be over.




    No , there are not standarts , any vendor is allowed to have its own name

    Hope I can help ! :D
     
  3. Dilbert_2

    Dilbert_2 Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    15
    Re: Troj/FireSpy-A -- signature namimg standards

    Thank you for the very rapid response and helpful links. That answers my questions/concerns for now; I need to learn more about this program, so I will be following your links for awhile. :)

    Regards.
     
  4. ASpace

    ASpace Guest

    Re: Troj/FireSpy-A -- signature namimg standards

    I am not 100% sure but , according to some Google searches , NOD32 already detect this in 1.1678 with the name W32/Spy.FormSpy
     
  5. basti

    basti Registered Member

    Joined:
    Jul 28, 2006
    Posts:
    48
  6. ASpace

    ASpace Guest

    Re: Troj/FireSpy-A -- signature namimg standards


    Great , sorry for the wrong info . I am not using Firefox on my main computer so I don't have really the latest about it . I was referring to the site www.mozilla.com which showed 1.5.0.5 . No problem ;)
     
  7. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Re: Troj/FireSpy-A -- signature namimg standards

    If u're not sure about a virus name and if an AV detects it or not use VGREP from here
    You should create yourself an account on this webpage to access it. Than you could use it very simple.
    Just type a virus name there and it will automatically show you all the aliases it has among different AV. ;)
     
  8. Dilbert_2

    Dilbert_2 Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    15
    Re: Troj/FireSpy-A -- signature namimg standards

    Will go look - thank you! Just checked for an update on my 1.5.0.5 from Firefox and it says 'no update available' so this must just be out. Was unaware of the ftp site. So that was a useful OT for me, thks! :)

    Thank you pykko - this was exactly what I was looking for. Very useful.

    I am very impressed with this forum. Thanks all. Regards. :D
     
  9. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Re: Troj/FireSpy-A -- signature namimg standards

    Yup that website is priceless :)
     
Thread Status:
Not open for further replies.