Why doesn't NOD32 have gen signatures?

Discussion in 'NOD32 version 2 Forum' started by Culvin, Mar 3, 2005.

Thread Status:
Not open for further replies.
  1. Culvin, Registered Member (Joined: Jan 1, 2005; Posts: 47)

    Why doesn't NOD32 have generic signatures for RBot, SDBot, etc. like Kaspersky and McAfee do? RBot and SDBot are common pests, and NOD32 is having to rely on heuristics and pumping out signatures for every new variant while Kaspersky and McAfee are able to pick out these new variants with their generic detections.
     
  2. Stan999, Registered Member (Joined: Sep 27, 2002; Posts: 566; Location: Fort Worth, TX USA)

    In this specific case what would be the advantage between a generic detection and a heuristics detection of these types of malware? Would the generic detection be better?

    Examples: http://virusscan.jotti.org/

    Last piece of malware found was Win32:SpyBot-A1045 in rBot2pedper.exe, detected by:

    Scanner               Malware name                 Time taken
    AntiVir               X                            0.48 seconds
    Avast                 Win32:SpyBot-A1045           1.53 seconds
    AVG Antivirus         X                            0.53 seconds
    BitDefender           Backdoor.RBot.D7C2C6C6       0.57 seconds
    ClamAV                X                            0.62 seconds
    Dr.Web                X                            0.87 seconds
    F-Prot Antivirus      X                            6.67 seconds
    Fortinet              X                            0.44 seconds
    Kaspersky Anti-Virus  Backdoor.Win32.Rbot.gen      1.07 seconds
    mks_vir               X                            0.27 seconds
    NOD32                 probably unknown NewHeur_PE  2.12 seconds
    Norman Virus Control  Sandbox: W32/Spybot.gen3     15.48 seconds


    Last piece of malware found was Backdoor.RBot.BE7215B2 in neukenmaar.exe, detected by:

    Scanner               Malware name                 Time taken
    AntiVir               X                            0.40 seconds
    Avast                 X                            1.53 seconds
    AVG Antivirus         X                            0.45 seconds
    BitDefender           Backdoor.RBot.BE7215B2       0.52 seconds
    ClamAV                Exploit.DCOM.Gen             0.64 seconds
    Dr.Web                Win32.HLLW.MyBot             0.85 seconds
    F-Prot Antivirus      X                            1.18 seconds
    Fortinet              X                            0.45 seconds
    Kaspersky Anti-Virus  Backdoor.Win32.Rbot.gen      1.15 seconds
    mks_vir               X                            0.42 seconds
    NOD32                 probably unknown NewHeur_PE  0.68 seconds
    Norman Virus Control  Sandbox: W32/Malware         17.
     