Antivirus: May 2005 Archives
If you haven't seen it, it's new to you. That was an old NBC slogan for their summer rerun season. Well, summer rerun season has started at the antivirus firms as they strive to get press coverage.
First we have Panda Software warning of a new hybrid worm. Get this: it spreads like a worm, installs a keystroke logger, and downloads more malware. That doesn't sound particularly new to me.
IM viruses have caused many vendors to hop on the media circuit. Yet there is really nothing new here either.
Hackers Holding Internet Files Hostage. As Kaspersky points out, nothing really new here.
I swear I saw an AV vendor breathlessly report that viruses are targeting p2p systems by dropping infected files into likely p2p shared directories.
Next they will be telling me about the "new" horror of macro viruses.
User education about current threats is one thing. But this is cooking up a press release to drive the stock price higher.
Over at Broadband Reports there is a thread that starts:
"my friend sent me a exe file he said scan this with my antivirus and then no virus so i open this file and two reg line came added this %sytemroot%\mgs.exe %sytemroot%\expolorer.exe to the start up and here the link to this file "
That's one of those things where I wanted to bust out laughing and beat my head against the computer at the same time.
Just to be clear:
1. Never run viral code unless you know what you are doing. That typically means a test machine and maybe a test network, or at the very least a good firewall so you don't infect others.
2. Just because your antivirus doesn't detect anything in what you suspect to be a virus doesn't mean it's a good idea to run it just to see what it does.
3. If you have a file you suspect is a virus, upload it to www.virustotal.com. That will scan it with several antivirus scan engines so you'll have a better idea of what is up.
Perhaps this guy did know what he was doing when he ran the code. It just sounded so odd the way he wrote that so I figured it was a good teachable moment.
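As an added example of point 3 (not code from the original post), the following script triages a suspect file without executing it: it hashes the bytes and asks VirusTotal what its engines already know about that hash, via the public v3 REST API (GET /api/v3/files/{sha256}); the sample report embedded at the bottom is constructed, not real VirusTotal output.

```python
# Added example (not from the blog post): triage a suspect file without running it.
# Hash it, then look the hash up on VirusTotal's v3 API; no upload, no execution.
import hashlib
import json
import urllib.error
import urllib.request

VT_FILES_URL = "https://www.virustotal.com/api/v3/files/"

def sha256_of_bytes(data: bytes) -> str:
    """Hashing only reads bytes; for a file pass open(path, 'rb').read()."""
    return hashlib.sha256(data).hexdigest()

def fetch_report(sha256: str, api_key: str) -> dict:
    """Network call: parsed v3 report, or {} if VirusTotal has never seen the hash (HTTP 404)."""
    req = urllib.request.Request(VT_FILES_URL + sha256, headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return {}
        raise

def summarize_report(report: dict) -> dict:
    """Reduce a report to the triage question: how many engines flag it, and which ones.
    An unknown hash or a zero count is not a clean bill of health (see point 2 above)."""
    if not report:
        return {"known": False, "malicious": 0, "total": 0, "detections": {}}
    attrs = report["data"]["attributes"]
    stats = attrs.get("last_analysis_stats", {})
    results = attrs.get("last_analysis_results", {})
    detections = {engine: r.get("result") for engine, r in results.items()
                  if r.get("category") == "malicious"}
    total = sum(stats.get(k, 0) for k in ("malicious", "suspicious", "undetected", "harmless"))
    return {"known": True, "malicious": stats.get("malicious", 0), "total": total, "detections": detections}

# Constructed sample report (shape of a v3 file object; engine names and values are made up).
SAMPLE_REPORT = {"data": {"attributes": {
    "last_analysis_stats": {"malicious": 2, "suspicious": 0, "undetected": 1, "harmless": 0},
    "last_analysis_results": {
        "EngineA": {"category": "malicious", "result": "Constructed.Keylogger"},
        "EngineB": {"category": "undetected", "result": None},
        "EngineC": {"category": "malicious", "result": "Constructed.Downloader"}}}}}
```

To use it on a real sample, call `summarize_report(fetch_report(sha256_of_bytes(data), api_key))` with your own VirusTotal API key.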
Five years ago today, the infamous LoveLetter virus was unleashed. It drove many companies to deploy SMTP server and gateway antivirus to stop email-borne viruses before they reach the user's desktop.
Over on the MyITForum AV email discussion list, a couple of the regulars reported that older versions of Symantec Antivirus (pre version 9) had problems detecting some Gaobot variants.
I wondered how this could be. I know that SAV 9 is configured to start earlier than previous versions. This was done to protect against some specific malware tricks. Is this the extra protection they are referring to, or do older versions of SAV not get the scan engine upgrades?
Symantec has two types of scanning engines, and two different version numbers to go with them. Security Response AV engines are released throughout the year via LiveUpdate and Intelligent Updater. These update the virus detection techniques alongside the virus definitions. You can look at the file properties of the engine binaries (naveng.sys, navex15.sys, navex32a.dll, naveng32.dll) to see the current engine version number.
The Scanning Engine version number that you see in the UI refers to the properties of the navapi32.dll file. This file is involved with the boot scanning functionality in the product. It is updated only with new builds of the file, not with virus definitions.
Source: Symantec KB DocID: 2002080609215348