Winevar update?

Discussion in 'NOD32 version 1 Forum' started by Phil, Nov 28, 2002.

Thread Status:
Not open for further replies.
  1. Phil

    Phil Registered Member

    Joined:
    Oct 24, 2002
    Posts:
    248
    Has there been an update released for Winevar? Most all major AV vendors have updated for this dangerous nasty but I can't seem to find it listed anywhere on the defs page. Are we late and, if so, why?

    Phil
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi Phil,

    Covered in the latest database update: alias is "W32/Korvar.A" ;).

    regards.

    paul
     
  3. Phil

    Phil Registered Member

    Joined:
    Oct 24, 2002
    Posts:
    248
    Kovar?? (grumble, grumble) Guess I need to hire an assistant to keep up with all the different names. :D

    Thanks for the info, Paul -- nice to know!

    Phil
     
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Phil,

    It's a bit confusing, I agree. Aliases used for this particular nastie:

    "I-Worm.Winevar, WORM_WINEVAR.A, W32/Korvar, Worm/Bride.C, W32.HLLW.Winevar"

    Glad to be of help ;).

    regards.

    paul
     
  5. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    Yep, everybody and his brother detects Winevar now; Norton even had a special rare Sunday liveupdate because of this worm: http://www.dslreports.com/forum/remark,5119964~root=security,1~mode=flat

    Symantec: W32.HLLW.Winevar
    http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.winevar.html

    McAfee: W32/Korvar
    http://vil.mcafee.com/dispVirus.asp?virus_k=99819

    Trend Micro: WORM_WINEVAR.A
    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WINEVAR.A

    Panda Software: W32/Winevar
    http://service.pandasoftware.es/library/card.jsp?Virus=W32/Winevar

    Sophos: W32/Winevar-A
    http://www.sophos.com/virusinfo/analyses/w32winevara.html

    DialogueScience (DrWeb): Win32.HLLM.Seoul
    http://www.dials.ru/english/inf/virus.php?id=18

    (although KAV detects this worm as I-Worm.Winevar, I can't find a Kaspersky reference). AVG also detects it as I-Worm/Winevar: http://www.dslreports.com/forum/remark,5123065~root=security,1~mode=flat#5123698

    That's eight different vendors I know of (make that nine, if you include NOD32); I'm sure every AV that's worth its salt has detection for this one now. NOD32 was just as timely in response as all the other major AVs. :D :D
     
  6. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    Heehee ... Paul, you left out the most important alias: Win32.HLLM.Seoul -- named by DrWeb, who apparently was first to detection. If I wanted to get you in trouble, I'd report your post to DialogueScience! :D :D
     
  7. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Ran,

    Grin..give Igor Daniloff my regards ;).

    regards.

    paul
     
  8. anders

    anders Eset Staff Account

    Joined:
    Oct 25, 2002
    Posts:
    410
    In today's Swedish class, we'll learn the meaning of "Korvar".

    "Korvar" - "Sausages"

    Repeat after me.. "korvar"..

    Best regards,
    Anders
    EuroSecure
     
  9. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    Hmmm ... interesting ... an internet worm named after a sausage? :D :D :D
     