
Update (daily: 134): msg#00016

security.virus.clamav.virusdb

Subject: Update (daily: 134)

ClamAV database updated (2004.02.18 10:14 GMT): daily.cvd, viruses.db2
Version: 134

Submission: 714-web
Sender: Bloed
Virus: friendgreet
Added: no
Note: Not a real worm, the setup asks the user 2 times if it's ok that it
starts to send mail. The company behind this "product" doesn't exist anymore
and the worm isn't active.

Submission: 1077-web
Sender: Jerrin
Virus: Unknown Virus
Added: No
Note: damaged zip archive with a damaged, upx'ed SCO.A

Submission: 1186-web
Sender: Andy Fiddaman
Virus: Unknown Virus
Alias: Trojan.Win32.Rootkit.b (KAV)
Added: Trojan.Rootkit.b
Notes: The file starts to listen on port 8721 and offers a remote-shell.

Submission: 1190-web
Sender: Axel Dunkel
Virus: Trojan.URLspoof.gen (false)
Added: no
Notes: The sample contained a spoofed URL, contacted the sender.

Submission: 1191-web
Sender: Tobias Bauer
Virus: Unknown Virus
Added: no
Notes: Worm.Torvil.D - already detected with --mbox, sender contacted

Submission: 1194-web
Sender: Jesper Juhl
Virus: I-Worm.Prosac
Alias: I-Worm.Paroc.b (KAV), Win32.Prosac.12288 (DrWeb), Win32/Paroc.A@mm (RAV)
Added: Worm.Paroc.B

Submission: 1197-web
Sender: Jesper Juhl
Virus: Win32.Mimee
Added: no
Notes: After unpacking (w32.mimee.zip->w32.mimee.rar->w32.mimee.exe) the virus
was detected by clam.

Submission: 1198-web
Sender: Doug Hardie
Virus: Doom (?)
Added: no
Note: The mail maybe contained a virus but it was modified (cleaned) by Norton
already.

Submission: 1202-web
Sender: Diego Ercolani
Virus: Unknown Virus
Added: no
Notes: The file contains a large list of mail addresses with some binary bytes,
it's not really executable.

Submission: 1203-web
Sender: Jesper Juhl
Virus: I-Worm.Vale
Alias: VBS.Generic.61 (DrWeb), BAT/Vale (RAV), I-Worm.Vale (Kaspersky)
Added: Worm.Bat.Vale

Submission: 1205-web
Sender: Jesper Juhl
Virus: I-Worm.Santa
Alias: I-Worm.Santa (KAV), VBS.Jean (DrWeb), VBS/Jean.A@xxxxxx (RAV),
Vbs.Jean.A (Ikarus)
Added: Worm.Vbs.Jean

Submission: 1207-web
Sender: Jesper Juhl
Virus: VirTool.TLSDemo2
Added: VirTool.TLSDemo-2

Submission: 1208-web
Sender: Jesper Juhl
Virus: Win32.HLL.Sandwich
Alias: Win32.Hllp.Alcaul.B (Ikarus), Win32/HLLP.Alcaul.B (RAV),
Win32.HLLP.Alcaul.b (KAV), Win32.HLLP.Alcopaul.12288 (DrWeb)
Added: W32.HLLP.Alcaul.B

Submission: 1209-web
Sender: Jesper Juhl
Virus: Win32.HLL.Wormmars
Alias: I-Worm.Mars (KAV/Ikarus), Win32/Gubed.A@mm (RAV), Win32.HLLM.Generic.61
(DrWeb)
Added: Worm.Mars

Submission: 1211-web
Sender: James Love
Virus: Win32.HLLM.Generic.238
Alias: I-Worm.Zezer.B (Ikarus), Win32/HLLW.Zoder.B (RAV),
Win32.HLLM.Generic.238 (DrWeb), I-Worm.Zezer.b (KAV)
Added: Worm.Zezer.B

Submission: 1212-web
Sender: James Love
Virus: Win32.HLLM.Generic.238
Added: Worm.Zezer.A

Submission: 1214-web
Sender: James Love
Virus: Win32.HLLM.Generic.189
Alias: I-Worm.Ganter.A (Ikarus), Win32/Gant.B@mm (RAV), I-Worm.Ganter.a (KAV)
Added: Worm.Ganter.A

Submission: 1216-web
Sender: James Love
Virus: Win32.HLLM.Generic.197
Alias: Win32.HLLM.Generic.197 (DrWeb), Win32/Gant.D@mm (RAV), Win32/OutSid.C
worm (NOD32)
Added: Worm.Ganter.C

Submission: 1217-web
Sender: James Love
Virus: Win32.HLLM.Generic.212
Added: Worm.Ganter.D

Submission: 1218
Sender: James Love
Virus: I-Worm.Redist.b
Alias: I-Worm.Redist.b (KAV), Win32.HLLM.Generic.213 (DrWeb), Win32/OutSid.E@mm
Added: Worm.Redist.B

Submission: 65-mail
Sender: Awie
Virus: W32.Swen.A@mm
Added: no
Notes: Worm.Gibe.F detected

Submission: 1235-web
Sender: Tobias Oetiker
Virus: Unknown Virus
Added: Worm.SomeFool
Notes: File uses the same icon as a Word document, double extension (.rtf.pif
i.e.), starts to massmail with its own SMTP engine, drops a 'services.exe' in the
%windows% folder. Name could be changed later.




--
Best regards,
Christoph mailto:ib@xxxxxxxxxxxxxx


