Update (daily: 137)

ClamAV database updated (2004.02.23 19:56 GMT): daily.cvd, viruses.db2
Version: 137

Submission: 1204-web
Sender: Jesper Juhl
Virus: I-Worm.Zircon.c.dam
Added: no
Notes: This is a damged sample of the Zircon.c worm, the binary can´t be 
executed and is not dangerous.

Submission: 1206-web
Sender: gary cox
Virus: Unknown Virus
Added: no
Notes: The mail that the file was attached to has a somehow strange format, if 
someone opens it in Outlook he/she will get a invalid binary file. After Tomasz 
Papszun opened it in mutt and saved the attachment, clam found the Yaha.K

Submission: 1236-web
Sender: Giacomo Cariello
Virus: W32.Beagle.B@mm
Added: no
Notes: The sample is a CryptFF-encrypted file, it contains a Bagle.b sample. 
This encryption seems to be used by Symantec for quarantined files.

Submission: 1249-web
Sender: Michael St. Laurent
Virus: Unknown Virus
Added: no
Notes: seems to be some damged binary/message

Submission: 1251-web
Sender: Jesper Juhl
Virus: Worm.IRC.Desire.A
Added: Worm.IRC.Desire.A
Notes: signature by Jesper Juhl

Submission: 1266-web, 1267-web, 1268-web
Sender: Luiz Cordeiro
Virus: Various samples
Added: Trojan.Spybot.gen-1
Added: Trojan.Spybot.gen-2
Added: Trojan.Spybot.gen-3
Added: Trojan.Spybot.gen-4
Added: Trojan.Spybot.gen-5
Added: Trojan.Spybot.gen-6
Added: Trojan.Spybot.gen-7
Added: Trojan.Spybot.gen-8
Added: Trojan.Spybot.gen-9
Added: Trojan.Spybot.gen-10
Added: Trojan.Spybot.gen-11
Added: Trojan.Spybot.gen-12
Added: Trojan.Spybot.gen-13
Added: Trojan.Spybot.gen-14
Added: Trojan.Spybot.gen-15
Added: Trojan.Spybot.gen-16
Added: Trojan.Spybot.gen-17
Added: Trojan.Spybot.gen-18
Added: Trojan.Spybot.gen-19
Added: Win32.Xorala

Submission: 1291-web
Sender: Tobias Oetiker
Virus: Unknown Virus
Added: no
Notes: Broken binary found

Submission: 1295-web
Sender: James Love
Virus: Trojan.Win32.Longbe
Added: Trojan.W32.Longbe

Submission: 1296-web
Sender: James Love
Virus: Dialer.B
Alias: Trojan.Win32.Dialer.e
Added: Trojan.W32.Dialer.E

Submission: 1300-web
Sender: jim Hays
Virus: worm.netsky.b
Added: no
Notes: the sample contains a 0-byte file as attachment -nothing to detect. 
Maybe aready "cleaned" by another scanner or just a broken mail.

Submission: 1301-web
Sender: Jim Hays
Virus: worm.netsky.b
Added: no
Notes: The sample is an empty archive, only 22 byte, sender contacted

Submission: 1310-web
Sender: Sandu
Virus: Trojan.Adclicker
Alias: TrojanClicker.Win32.VB.p (KAV), Trojan.Unlair (DrWeb)
Added: Trojan.Unlair

Submission: 1312-web
Sender: Sandu
Virus: W32.Manifest.Trojan
Added: Trojan.Manifest

Submission: 1315-web, 1316-web
Sender: Sandu
Virus: Worm.Dumaru.A, Worm.Palyh.A
Added: no, already detected
Notes: The submitted sample-mails contain an extra header-line, added by a 
Symantec Scanner. ClamAV is not able to parse this mails at the moment. The 
samples have been forwarded to the developers.

Submission: 1325-web, 1327-web, 1328-web, 1329-web
Sender: Peter Hegedus, Daniel Baker, David Jonas
Virus: Unknown Virus
Alias: Win32/Mydoom.F@mm (RAV), Win32.HLLM.MyDoom.based (DrWeb), 
I-Worm.Mydoom.e (KAV)
Added: Worm.MyDoom.E.UPX
Notes: This is a variant of the original MyDoom worm,packed with UPX.

Submission: 1326-web
Sender: Zeljko Jovanovic
Virus: I-Worm.Moodown.b (W32.Netsky.B)
Added: no
Notes: The sample is a damaged NetSky.B binary. I was not able to execute this 
file.

Submission: n/a
Sender: Christoph
Virus: Various
Added: Trojan.WinREG.StartPage
Added: VirTool.W32.Koone
Added: TrojanDownloader.Koone.FSG
Added: TrojanDownloader.Koone
Added: VirTool.W32.Veritas
Added: TrojanDownloader.W32.Veritas 
Added: Trojan.Sinuplod-cli
Added: Trojan.Sinuplod-srv
Added: Trojan.Elfrit.12-srv
Added: Trojan.Elfrit.12-srv.UPX
Added: Trojan.Elfrit.12-cli
Added: Trojan.Helios.25-srv
Added: Trojan.Helios.25-cli
Added: Trojan.Helios.25-Edit

-- 
Best regards,
 Christoph                          mailto:ib@xxxxxxxxxxxxxx



-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click