The virus engines have updated the naming conventions to reflect the actual payload in the BadTrans virus - there are two entirely different trojan horses, each with a distinct name, and both are equally scary in their capabilities.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Markus
Sent: Thursday, December 06, 2001 02:20 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] MISSING_REVERSE_DNS:Goner and/or PWS-gen.Hooker?

Hi all,

since yesterday we catch a lot of "PWS-gen.Hooker" trojans, but absolutely no "Goner".

Our McAfee engine version is the newest superdat-version from Dec 05:

Scan engine v4.1.60 for Win32.
Virus data file v4175 created Dec 05 2001
Scanning for 59317 viruses, trojans and variants.

(the day before we had the extra-dat-file)

In the NAI Virus lib I found under "pws-gen.hooker":

Virus Name          Risk Assessment
W32/Badtrans@MM     Medium

Questions:

Why are some Badtrans-Viri caught as "W32/Badtrans@MM" and other ones as "PWS-gen.Hooker"?

Why does my scanner not catch the goner-virus? Yesterday declude has found around 100 infected messages. I can't believe that there was no "goner".

Markus

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .