Urgent Warning on New Virus

Discussion in 'other anti-virus software' started by Albinoni, Jan 3, 2006.

Thread Status:
Not open for further replies.
  1. Albinoni

    Albinoni Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    709
    Location:
    Perth, Western Australia
    I was just on Castle Cops forum or website and found this. Now I dont know how bad or serious this is but I'm not taking it lightly either. Looks like another nasty one is on the loose and ready to destroy more PC's unless somthing is done about it ASAP by both MS and AV companies.

    Also as I use NOD32 and Bitdefender Pro 9 on two seperate PC's I'm not sure if any of these AV companies have found a cure or update for this.

    Here's the link:

    http://www.castlecops.com/modules.php?name=Forums&file=index

    BTW I've also posted this topic in the NOD32 section on this forum.
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,727
    Location:
    Texas
    Albinoni

    Thanks.

    This is the same WMF exploit discussed here and here.
     
    Last edited: Jan 3, 2006
  3. Zhen-Xjell

    Zhen-Xjell Security Expert

    Joined:
    Feb 8, 2002
    Posts:
    1,397
    Location:
    Ohio
  4. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
    New results i think? from av-test

    These detected all the wmf samples
    * BitDefender
    * Computer Associates eTrust-VET
    * F-Secure
    * Kaspersky Lab
    * McAfee
    * Eset Nod32
    * Microso OneCare
    * Sophos
    * Symantec

    These missed just one file:

    * Alwil Avast
    * Clam AntiVirus
    * Aladdin eSafe

    These tools missed a number of samples (total in parentheses):

    * Fortinet (1:cool:
    * AntiVir (24)
    * eTrust-INO (25)
    * Panda (25)
    * Ikarus (26)
    * Norman (26)
    * Ewido (47)
    * AVG (59)
    * VirusBuster (61)
    * QuickHeal (63)
    * Trend Micro (63)
    * Dr Web (93)
    * VBA32 (110)
    * Authentium Command (119)
    * F-Prot (119)
     
  5. JayTee

    JayTee Registered Member

    Joined:
    Nov 2, 2004
    Posts:
    166
    OK, at least I now know that VBA and Kaspersky are completely different. Didn't someone once point out a few months ago that VBA and Kaspersky signatures were almost similiarly updated.

    PS: Nice to see that the bigger name (niche) AV's like NOD32 and KAV have gotten their act out quickly
     
  6. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    Antiviruses that detect by heuristics seem to be matching more variants than those soley based on signatures.

    I'm surprised at Dr. Web.
     
    Last edited: Jan 5, 2006
  7. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    Interesting new results. Good job from Computer Associates eTrust-VET!

    However two others really dissapointed me:
    * Panda (25)
    * Trend Micro (63)
    They were on top of it with the first samples, now they're lacking behind. Also F-Prot showed very weak in this threat (119 missed). I really hope to see an table with updates times on this threat from the different vendors. Nothing better then a real-life test ;)
    But I feel save, BitDefender got 100% in both tests (without the need of patches :p troll).
     
  8. sosaiso

    sosaiso Registered Member

    Joined:
    Nov 12, 2005
    Posts:
    601
    Do we have confirmation that CA's VET engine is detecting all known variants?
     
  9. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    As far I know, the test contained all the know variants till date (206)? Or did I misunderstood?
     
  10. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
    ya it has all the known variants

    sorry i didnt post earlier i was a at a highschool party
     
Loading...
Thread Status:
Not open for further replies.