[Dshield] F-Secure Radar2 Alert

Micheal Patterson micheal at tsgincorporated.com
Mon Jan 23 20:18:50 GMT 2006


----- Original Message ----- 
From: "Mark Tombaugh" <mtombaugh at alliedcc.com>
To: "General DShield Discussion List" <list at lists.dshield.org>
Sent: Friday, January 20, 2006 12:23 PM
Subject: Re: [Dshield] F-Secure Radar2 Alert


> On Fri, 2006-01-20 at 12:16 -0500, Paul Marsh wrote:
>> I saw a few of these yesterday, Trend calls it Grew..  Nothing so far 
>> today, are others seeing it?
>>
>> Thanx, Paul
>
> Looks like this is a new one Paul, at least from the wording at
> F-Secure:
>
> "It is similar to the 'Email-Worm.Win32.VB.bi' that was found a few days
> ago."
>
> Email-Worm.Win32.VB.bi = VB-8 (Clam) = Nyxem-D (Sophos)
>
> Anyone have a sample? (of the new one) I'd like to check if the sigs for
> Nyxem-D at bleedingsnort also hit on this one. tia,
>
> PS - we so need a working cme...
>
> --
> Mark Tombaugh
>
>

I've had some hits on Clamav that indicate dual infections,  "Two viruses 
were found: Worm.VB-9, Worm.VB-8". I'm still trying to determine if 
Worm.VB-9 is the one referred to in this radar alert.

--

Mike P.




More information about the list mailing list