Security Incidents mailing list archives

Re: New Virus / Trojan ?


From: Vincent Jaussaud <Vincent.Jaussaud () kelkoo net>
Date: Mon, 26 Jul 2004 23:38:53 +0200

I've seen this today too - up2date clamscan doesn't know about it yet.
But I had more luck after I manually forced another update
on our Kaspersky scanner, and it's detected as:

mail:~/virii# /opt/kav/bin/kavscanner [cleared_filename].txt\ \ \ \ \ \
\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ .scr
Kaspersky Anti-Virus On-Demand Scanner for Linux. Version
5.0.4.0/RELEASE build #3, compiled Jul  5 2004, 16:07:57
Copyright (C) Kaspersky Lab, 1997-2004.
There are 94049 records loaded, the latest update 26-07-2004
Config file: /etc/kav/5.0/kav4unix.conf
~                                                 .scr INFECTED
I-Worm.Mydoom.m

http://www.virustotal.com shows the following:

Scan results
 File: britney.zip
 Date: 07/26/2004 21:30:27
----
BitDefender     7.0/20040726    found nothing
ClamWin devel-20040719/20040726 found nothing
eTrustAV-Inoc   4641/20040725   found nothing
F-Prot  3.15/20040726   found nothing
Kaspersky       4.0.2.23/20040726       found [I-Worm.Mabutu.a]
McAfee  4381/20040726   found nothing
NOD32v2 1.822/20040726  found nothing
Norman  5.70.10/20040726        found nothing
Panda   7.02.00/20040726        found nothing
Sybari  7.5.1314/20040726       found [I-Worm.Mabutu.a]
Symantec        8.0/20040726    found nothing
TrendMicro      7.000/20040726  found nothing


Are I-Worm.Mabutu.a and Mydoom.M the same?




| We'll try to submit this to Symantec Virus analysts.
|
| If you need further information, please let me know.
|
| Thanks in advance !
| Best Regards,
|

cheers,
frank

- --
43rd Law of Computing:
~        Anything that can go wr
fortune: Segmentation violation -- Core dumped
-- 
#################################################################
                Kelkoo Security Manager / Networks & Systems Architect 
  JID: portsentry () ims kelkoo net / GPG key 1024D/3BFE3FC7 2002-02-07
                 Office: +(33)04 7629 7163 / Mobile: +(33)06 806 409 62 
#################################################################
"Those who desire to give up freedom in order to gain security will not
have, nor do they deserve, either one."
    -- President Thomas Jefferson.    1743-1826
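
The file scanned in the message above is named with a .txt extension, a long run of spaces, and then .scr, so the real extension falls outside what most mail clients display. A mail-gateway check for that naming pattern follows, as an added example that is not part of the original post; the extension list, the three-space threshold, the function names and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumed, non-exhaustive list of extensions Windows runs directly.
EXECUTABLE_EXT = {"scr", "pif", "exe", "com", "bat", "cmd", "vbs"}
PAD_RUN = re.compile(r"\s{3,}")  # assumed threshold: 3+ whitespace characters

def suspicious_name(filename):
    """Return the reasons an attachment name looks disguised (empty if none)."""
    reasons = []
    stem, dot, ext = filename.rstrip().rpartition(".")
    if not dot or ext.lower() not in EXECUTABLE_EXT:
        return reasons
    reasons.append("executable extension ." + ext.lower())
    if PAD_RUN.search(stem):
        reasons.append("whitespace padding before extension")
    if re.search(r"\.[A-Za-z0-9]{1,4}\s*$", stem):
        reasons.append("double extension")
    return reasons

def scan_message(raw):
    """Map each flagged attachment name in a raw message to its reasons."""
    findings = {}
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        hits = suspicious_name(name) if name else []
        if hits:
            findings[name] = hits
    return findings

# Constructed sample message; not taken from the thread.
PADDED = "document.txt" + " " * 60 + ".scr"
SAMPLE = """\
From: a@example.invalid
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="%s"

x
--B
Content-Type: text/plain; name="notes.txt"

y
--B--
""" % PADDED

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```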
