W32/Buzus.AWL Trojan

Discussion in 'ESET NOD32 Antivirus' started by AspectTech, Mar 5, 2009.

Thread Status:
Not open for further replies.
  1. AspectTech

    AspectTech Registered Member

    Joined:
    Sep 11, 2008
    Posts:
    10
    Is this going to be included in any upcoming builds? Our office just got hit with it and ESET did nothing. Virus appears as e-card.zip from "American Greetings".
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
  3. AspectTech

    AspectTech Registered Member

    Joined:
    Sep 11, 2008
    Posts:
    10
    It was an email that got past our email security device from "American Greetings" supposedly and had a file-name of "e-card.zip". I looked it up today and many antivirus programs have already updated and caught it. I am just curious as to why ESET has yet to update. I will send the file once I am on-site.
     
  4. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    Those messages have been getting deleted by the Outlook filter at my site for over a week now (first saw them on the 25th). They were detected as a variant of Win32/Merond.C.
     
  5. AspectTech

    AspectTech Registered Member

    Joined:
    Sep 11, 2008
    Posts:
    10
    Here is an article on the virus. http://www.plixer.com/blog/tag/e-cardzip/

    What I would like to know is why a no-name blogger has information (technical information) about the virus on February 27th, 2009 and ESET, 5 days later, did not catch this at all and 5 people on my network opened the file and got hit.
     
  6. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    Again, Nod32 IS detecting this. The heuristics were picking it up on the 25th at my site and another one got picked up two days ago, this time detected with a proper signature for W32/TrojanDownloader.FakeAlert.LG trojan. You might want to go back and check the scanning options that you are using.
     
  7. AspectTech

    AspectTech Registered Member

    Joined:
    Sep 11, 2008
    Posts:
    10
    I am 100% positive that our scanning options are correct. I also know that we are scanning emails. This got past ESET completely. Also our Exchange server is blocking these, but it appears somebody received it through their Hotmail to start the outbreak. This is a new variant of a virus that is about a week old. I am just wondering when a fix will be available.
     
  8. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    From my experience I get a reply and an update <24 hours after submission.
     