Subject: Encrypted Mail System - New Worm

[DavidR]

Yes very interesting.

[FreewheelinFrank]

Got a new variant in my mailbox today. Symantec missed it again. Antivir and AVG's generic definitions picked it up but avast! missed it.

[Lisandro]

Got a new variant in my mailbox today. Symantec missed it again. Antivir and AVG's generic definitions picked it up but avast! missed it.

Will I see the day that NOD32 and Kaspersky do not detect a malware? 

[Dwarden]

well i yesterday got another new variant (not subvariant) ... oh well

[FreewheelinFrank]

I think I was wrong to call the file I got a new variant: rather each HTML file sent out is different because this is a polymorphic worm.

In another thread we read that avast! has successfully identified the polymorphic virus Polipos: a generic detection of this worm (which Antivir and AVG manage) is needed.

No rest for the virus analyst!!

[FreewheelinFrank]

Well, Ewido added this sample after 24 hours. If it is a polymorphic worm and every sample is different, then adding a definition for every sample submitted rather than developing a generic definition may not be particularly effective in preventing infection, but it is impressive that they can respond so quickly...

[Dwarden]

and another two variants EG and GM ...

and You know what sux,  Antivir with last database update 20.4.2006 is able detect most of them

yes Avast! not , oh well

[FreewheelinFrank]

Igor did some good work in detecting the polymorphic virus Polipos:

http://forum.avast.com/index.php?topic=20859.0

But at the moment both Antivir and AVG's generic detections are managing to catch Feebs, and avast! is not doing so well.

[Dwarden]

todays 0619-2 added some Feeb variants and was able detect 3 from my list ...

yet there are still 4 variants (28 different files) undetected  ...

[FreewheelinFrank]

avast! is now on a par with CAT-QuickHeal, F-Prot and UNA:



What happened guys?    :'(

[FreewheelinFrank]

Still undetected. 

Should I send this again? 

[Lisandro]

Still undetected. 
Should I send this again? 

Frank... you know this won't be necessary.
I wish they take your sample in account and improve detection 

[FreewheelinFrank]

Well, I've just sent the original Feebs plus the later variant (which also remains undetected) again. I hope avast! can add them, or preferably improve its generic detection, because it seems to be way behind almost every other AV. 

[FreewheelinFrank]

Well, 10 months now, and still not detected. Is this a record?

The only change is that AntiVur no longer detects this file. Weird!

[FreewheelinFrank]

Finally got a detection today for one of these files:



However, the other file is still missed.

I'll try submitting it through the chest and see if we can better 10 months before detection this way.