Whats the diff between bugbear.b and bugbear.b.damaged

Since if it's damaged then it won't help much, I know it helps for heuritics but still is there enough difference between that and the original bugybear.b

 

in general damaged means something like - incomplette virus body, unable to replicate, producing BSODs ... etc...

 

This seems strange to me:

Yet I remember when NAV detected W32.Magistr.corrupt and KAV detected I-Worm.Magistr.corrupted, ESET was calling that "snake oil" and proudly announcing they only included "live viruses" for detection. I really don't care, but it seems a little inconsistent based on previous behavior, but people change attitudes I guess.

FYI, McAfee included detection for W32/Bugbear.b.dam:

and Symantec has added W32.Bugbear.B.Dam to its virus list: my wife got one of these in email Saturday. KAV also has detection of I-Worm.Tanatos.dam and CA-eTrust also has "WIN32/BUGBEAR.B.CORRUPTED" in its Newly Detected Viruses list. Personally I'm unsure why the vendors are choosing to include a dead virus but it's OK by me.

 

Well I guess ESET change their policy. People don’t understand. So you got bad publicity.

There was a lot of dust about NOD32 not detecting corrupted Magistr sample (as Randy mentioned). It was a dead virus (non-working) but people didn't care. In their eyes, NOD32 fail to detected sample of Magistr.



Technodrome

 

You're right. As usual
Mainly, Eset included the detection of damaged samples of Bugbear.B because I asked to do that. According to MessageLabs statistics, Italy was one of the most striked country. That's absolutely true. We received many - really many - supports calls about Bugbear.B infections. Many users received a damaged sample of Bugbear.B that at the beginning NOD32 was not able to recognize. Sure, those samples were corrupted and they could not spread any infection. But the major part of users doesn't know that: they simply looked at those e-mails, decided that they were quite suspicious... and called the helpdesk. For us was really unfeasible bearing such an overload of supports calls.

ciao,
Paolo.

 

It's good that most AV programs detect the damaged Bugbears.

They may not be able to spread infection, but we've seen some of them that caused problems.

The corrupted Magistr mentioned earlier did nothing. It was a false alarm.

 

Yes, that's absolutely true. Just to say: at least in one case we had a "damaged" Bugbear.B able to spread on a PC. The extent of the "damage" may vary a lot. We've seen quite damaged files (even less than 5 KB) and other samples that were almost identical to the original Bugbear.B.

ciao,
Paolo.

 

I wouldn't say so. After all, it was detected as "corrupted", and it was exactly that - a corrupted, broken, non-functional virus. Oh well.