>...
>RE: missed by great AV programs
>
>SEE:
>http://www.pvsys.com/missedvirus.txt
>
>This came in today and I ran this against ClamAV, McAfee, Sophos... all with
>the latest definitions
>
>(at least as of the time that I write this, 9/19/05 3:45 pm EST).
>
>It is strange that NONE of these 3 catch this message which I'm pretty sure is
>a virus (am I wrong?).
>
>Could I have made a mistake from lack of sleep?
>
>Can anyone else verify this? If my report is correct, does anyone know of an
>anti-virus program which currently catches this particular virus?
>
>(keeping in mind that these I'm mentioned may catch up by the time you read
>this)
>
>Rob McEwen
>PowerView Systems
>[EMAIL PROTECTED]
>(478) 475-9032
>
Someone went to a lot of work to *slightly* change all the
signatures recognized by the AV programs. It is a "loader" that
goes out and grabs the rest of the payload from another host.
BTW. did you notice that the date in the encoded ".zip" file is
tommorow! Otherwise, it looks just like the fake "news" loaders
of last month.
I'm sure it will be caught by all of them in a day or two, but
it is a very nice piece of work.
Paul Shupak
[EMAIL PROTECTED]
