Another Mytob variant

Art

Another zip file got past my ISP's av scanner this morning. I think
they use a Symantec product. The Virus Total result is below:

This is a report processed by VirusTotal on 11/27/2005 at 14:44:46
(CET) after scanning the file "information.zip" file.

AntiVir HEUR-DBLEXT/Worm.Gen
Avast no virus found
AVG no virus found
Avira HEUR-DBLEXT/Worm.Gen
BitDefender Backdoor.SDBot.FCF9AB12
CAT-QuickHeal (Suspicious) - DNAScan
ClamAV Worm.Mytob.GH
DrWeb Win32.IRC.Bot.based
eTrust-Iris Win32/RBot.Variant!Worm
eTrust-Vet Win32.Mytob!ZIP!generic
Fortinet no virus found
F-Prot no virus found
Ikarus Backdoor.Win32.Rbot.Gen
Kaspersky Net-Worm.Win32.Mytob.cu
McAfee Generic Malware.a!zip
NOD32v2 a variant of Win32/Wootbot
Norman W32/Suspicious_M.gen
Panda no virus found
Sophos W32/Forbot-Fam
Symantec no virus found
TheHacker W32/Generic!zip-dobleextension
VBA32 suspected of Backdoor.Agent.12

Art

http://home.epix.net/~artnpeg
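
Two labels in the report above, AntiVir/Avira's HEUR-DBLEXT and TheHacker's zip-dobleextension, are heuristics keyed to a double file extension inside the archive. A sketch of that kind of name check for a mail filter follows; it is an added example, not part of the original post or any vendor's code, and the extension lists and the member names in the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions Windows will execute directly (assumed list, not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "cpl"}
# Extensions that make a file look like a harmless document (assumed list).
DECOY_EXTS = {"txt", "doc", "htm", "html", "pdf", "jpg", "gif", "zip"}


def double_extension(name):
    """Return (decoy, real) if `name` ends in decoy.executable, else None."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Tolerate whitespace padding around the extensions.
    parts = [p.strip().lower() for p in base.split(".")]
    if len(parts) < 3:
        return None
    decoy, real = parts[-2], parts[-1]
    if real in EXECUTABLE_EXTS and decoy in DECOY_EXTS:
        return decoy, real
    return None


def suspicious_members(zip_bytes):
    """List archive members whose names carry a double extension.

    Only the archive directory is read; nothing is extracted or run.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if double_extension(info.filename):
                hits.append(info.filename)
    return hits


def build_sample():
    """Constructed archive with placeholder contents, for the demo only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("information.txt.scr", b"placeholder")  # hypothetical name
        zf.writestr("readme.txt", b"placeholder")
        zf.writestr("setup.exe", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name in suspicious_members(build_sample()):
        print("double extension:", repr(name))
```

A name check like this flags the packaging, not the payload, which is why it can fire on a sample that signature-based engines still miss.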
 
Max Wachtel

Did everyone notice?
Avast no virus found
AVG no virus found
Panda no virus found
Symantec no virus found

Thanks Art for that eye-opening AV comparison. BTW, did you get
infected? No? I wonder what AV I should use? hmmmmm....... Perhaps I
shouldn't rely on my AV to keep me safe.
max
--
Virus Removal Instructions: http://home.neo.rr.com/manna4u/
Keeping Windows Clean: http://home.neo.rr.com/manna4u/keepingclean.html
Windows Help: http://home.neo.rr.com/manna4u/tools.html
Playing Nice on Usenet: http://oakroadsystems.com/genl/unice.htm#xpost
To reply by e-mail change nomail.afraid.org to gmail.com
nomail.afraid.org is setup specifically for use in USENET
feel free to use it yourself. Registered Linux User #393236
 
David H. Lipman

From: "Max Wachtel" <[email protected]>

|
| Did everyone notice?
| Avast no virus found
| AVG no virus found
| Panda no virus found
| Symantec no virus found
|
| Thanks Art for that eye-opening AV comparison. BTW,did you get
| infected? No? I wonder what AV I should use? hmmmmm....... Perhaps I
| shouldn't rely on my AV to keep me safe.
| max

Sure did. It's a pattern I see often.
 
Art

| Did everyone notice?
| Avast no virus found
| AVG no virus found
| Panda no virus found
| Symantec no virus found
|
| Thanks Art for that eye-opening AV comparison. BTW,did you get
| infected?

Of course not.

| No? I wonder what AV I should use? hmmmmm....... Perhaps I
| shouldn't rely on my AV to keep me safe.

No "maybe" about it. You definitely should not. Anyone who relies on
av for protection will take hits.

In this case it was an unsolicited email attachment. You simply delete
them. That's all there is to it :) If you solicit an attachment, don't
trust it, and don't trust the sender to know what he/she is doing.
Wait a few days and then submit the file to Virus Total for
scanning. Or at least use an av that has the Kaspersky scan engine
for scanning suspect files on demand.

Art

http://home.epix.net/~artnpeg
 
David H. Lipman

From: "Fenton" <[email protected]>

|
| Curious: Was this a file you opened and executed?

Are you kidding? No.

I handle many computer infectors but I have "never been infected."
Besides the fact that I practice Safe Hex, I study these little buggers.
I have submitted many infectors to Virus Total and subsequently examined many reports.
From the Virus Total reports, one can begin to see a company's pattern of recognition.

It is interesting to note the speed of recognition subsequent to a sample submission. For
example, ClamAV is the slowest to put out signatures unless there is some mass breakout.
Kaspersky on the other hand is the quickest with signatures being created in a matter of hours.
The average for some is 2 ~ 3 business days.

http://www.virustotal.com/flash/index_en.html
 
John Coutts

| Thanks Art for that eye-opening AV comparison. BTW,did you get
| infected? No? I wonder what AV I should use? hmmmmm....... Perhaps I
| shouldn't rely on my AV to keep me safe.
| max
| --
********* REPLY SEPARATER **********
I personally have never used AV software for any length of time, and have never
been infected with a virus. Because of the type of computer work that I do, it
always seems to end up creating a conflict. For the inexperienced user however,
AV software is a good back stop measure. But it should never be considered a
replacement for common sense and good operating practice.

J.A. Coutts