View Single Post
  #2 (permalink)  
Old June 21st, 2005
kmag kmag is offline
Enthusiast
 
Join Date: June 21st, 2005
Posts: 49
kmag is flying high
Default Please send a copy to ant-virus labs to help stop this virus

[New Info]
This is malware has been identified as
Worm.Win32.VB.an, the "AN Worm", sometimes called the "Zodiak Worm".

I was able to obtain a sample of this malware. I got free trial versions of both Norton Anti-virus and Kaspersky Anti-virus from Downoad.com.

Norton's 6/22/2005 virus definition library misses this malware.

Kaspersky catches it and quarantines it.

http://www.download.com/3120-20_4-0.html?qt=kaspersky

Let us all know if you find any other anti-virus scanners that catch this worm. It might be a new variant, because Norton's website claims they've been able to catch this worm since October 2003.

[End of New Info]

I sent an email to Kaspersky Labs antivirus yesterday about this virus and got an email back from one of their virus analysts. However, I haven't been infected and so I wasn't able to provide them with a sample of the virus.

If you'd be so kind as to help prevent others form getting this virus, please make a password-protected zip (or rar) file containing any viral files you are about to delete. The password should be "infected" and it should be mailed to NewVirus@kaspersky.com, with a subject of KLAB-571146.

It's my understanding that the major anti-virus labs have informal agreements about sharing new viruses with eachother.

If you're extra motivated to help stop this virus, TrendMicro anti-virus has a web submission form at http://subwiz.trendmicro.com/SubWiz/...sp?opgWizard=7 . Presumably TrendMicro wants the winupdates file instead of the password protected zip file.

Unfortunately, it looks like Symantec/Norton Anti-Virus requires you to use Norton Anti-Virus to send in samples instead of using plain old email. If you have Norton Anti-virus, please by all means use Norton Anti-virus to send Symantec/Norton a copy of winupdates.

McAfee Anti-virus's website gives me the impression that there's no way for the average person to send them samples of suspected viruses.

Last edited by kmag; June 24th, 2005 at 09:12 PM.
Reply With Quote