Has there been an update released for Winevar? Most all major AV vendors have updated for this dangerous nasty but I can't seem to find it listed anywhere on the defs page. Are we late and, if so, why? Phil
Kovar?? (grumble, grumble) Guess I need to hire an assistant to keep up with all the different names. Thanks for the info, Paul -- nice to know! Phil
Phil, It's a bit confusing, I agree. Aliases used for this particular nastie: "I-Worm.Winevar, WORM_WINEVAR.A, W32/Korvar, Worm/Bride.C, W32.HLLW.Winevar" Glad to be of help. Regards, paul
Yep, everybody and his brother detects Winevar now; Norton even had a special rare Sunday liveupdate because of this worm: http://www.dslreports.com/forum/remark,5119964~root=security,1~mode=flat

Symantec: W32.HLLW.Winevar http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.winevar.html
McAfee: W32/Korvar http://vil.mcafee.com/dispVirus.asp?virus_k=99819
Trend Micro: WORM_WINEVAR.A http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WINEVAR.A
Panda Software: W32/Winevar http://service.pandasoftware.es/library/card.jsp?Virus=W32/Winevar
Sophos: W32/Winevar-A http://www.sophos.com/virusinfo/analyses/w32winevara.html
DialogueScience (DrWeb): Win32.HLLM.Seoul http://www.dials.ru/english/inf/virus.php?id=18

(Although KAV detects this worm as I-Worm.Winevar, I can't find a Kaspersky reference.) AVG also detects it as I-Worm/Winevar: http://www.dslreports.com/forum/remark,5123065~root=security,1~mode=flat#5123698

That's eight different vendors I know of (make that nine, if you include NOD32); I'm sure every AV that's worth its salt has detection for this one now. NOD32 was just as timely in response as all the other major AVs.
Heehee ... Paul, you left out the most important alias: Win32.HLLM.Seoul -- named by DrWeb, who apparently was first to detection. If I wanted to get you in trouble, I'd report your post to DialogueScience!
In today's Swedish class, we'll learn the meaning of "Korvar". "Korvar" - "Sausages" Repeat after me.. "korvar".. Best regards, Anders EuroSecure