Does the mytob.gh signature match on most morphine/mew packed
binaries? Bagle.BB-gen matches all pex packed binaries that are not
infected (notepad and wordpad included) and the pex packer binary
itself as Bagle.BB-gen, so I suspect that this mytob signature might
be doing the same thing.
Clam, in a similar way, detects the morphine packer itself as
mytob.gh and it is not infected. What is the sig targeting?
______________________________________________________
Yahoo! for Good
Donate to the Hurricane Katrina relief effort.
http://store.yahoo.com/redcross-donate3/
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
