A virus by any other name would stink just as much: http://isc.sans.org/diary.php?rss&storyid=1051
Andrew 8) > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler > Sent: Tuesday, January 17, 2006 2:54 PM > To: [email protected] > Subject: RE: [Declude.Virus] New Virus? > > I've seen many of this Kapser.A today. I've added it to the > forging virus list and (oops) forgot to write it on the > Declude.Virus list. > > As we can see more and more that AV-Companies has forgotten > how to call one Virus using one name we should maybe begin to > enhance their naming convention by an initial name of the av-company. > > Something like: F-Prot>W32/[EMAIL PROTECTED] > > Markus > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > Colbeck, Andrew > > Sent: Tuesday, January 17, 2006 11:21 PM > > To: [email protected] > > Subject: RE: [Declude.Virus] New Virus? > > > > A kapser was detected on my F-Prot based system today. > > > > I'm attaching the output of the scan from virustotal.com for your > > interest. > > > > I also scanned it with my TrendMicro which detects it by a different > > name: > > > > http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VNam > > e=WORM%5FG > > REW%2EA > > > > You might add: > > > > FORGINGVIRUS KAPSER > > FORGINGVIRUS GREW > > FORGINGVIRUS WORM > > > > To your virus.cfg to cover the various naming conventions in the > > various engines, particularly that last one. > > > > I'll submit the virus to Symantec if someone could point me to the > > right way to do that; they're the only big name that doesn't detect > > this malware. > > > > Andrew. > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf Of Mark Reimer > > > Sent: Monday, January 16, 2006 12:42 PM > > > To: [email protected] > > > Subject: RE: [Declude.Virus] New Virus? > > > > > > I think this started happening after I updated my F-prot > > virus defs to > > > 16th. > > > Does anyone else see this? > > > > > > Mark Reimer > > > IT Project Manager > > > American CareSource > > > 214-596-2464 > > > > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] Behalf Of Mark Reimer > > > Sent: Monday, January 16, 2006 12:32 PM > > > To: [email protected] > > > Subject: [Declude.Virus] New Virus? > > > > > > > > > I saw an entry in my virus log to day for [EMAIL PROTECTED] > > > Has anyone else seen this? I cannot find any information on it. > > > > > > Mark Reimer > > > IT Project Manager > > > American CareSource > > > 214-596-2464 > > > > > > > > > --- > > > [This E-mail has been scanned for viruses] > > > > > > --- > > > [This E-mail was scanned for viruses by Declude EVA > www.declude.com] > > > > > > --- > > > This E-mail came from the Declude.Virus mailing list. To > > unsubscribe, > > > just send an E-mail to [EMAIL PROTECTED], and > > > type "unsubscribe Declude.Virus". The archives can be found > > > at http://www.mail-archive.com. > > > --- > > > [This E-mail has been scanned for viruses] > > > > > > > > > > > > > > > --- > > > [This E-mail has been scanned for viruses] > > > > > > --- > > > [This E-mail was scanned for viruses by Declude EVA > www.declude.com] > > > > > > --- > > > This E-mail came from the Declude.Virus mailing list. To > > unsubscribe, > > > just send an E-mail to [EMAIL PROTECTED], and > > > type "unsubscribe Declude.Virus". The archives can be found > > > at http://www.mail-archive.com. > > > > > > > --- > [This E-mail was scanned for viruses by Declude EVA www.declude.com] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
