[Dshield] F-Secure Radar2 Alert

Tom dshield at oitc.com
Tue Jan 24 12:47:36 GMT 2006


At 2:18 PM -0600 1/23/06, Micheal Patterson wrote:
>----- Original Message -----
>From: "Mark Tombaugh" <mtombaugh at alliedcc.com>
>To: "General DShield Discussion List" <list at lists.dshield.org>
>Sent: Friday, January 20, 2006 12:23 PM
>Subject: Re: [Dshield] F-Secure Radar2 Alert
>
>
>>  On Fri, 2006-01-20 at 12:16 -0500, Paul Marsh wrote:
>>>  I saw a few of these yesterday, Trend calls it Grew..  Nothing so far
>>>  today, are others seeing it?
>>>
>>>  Thanx, Paul
>>
>>  Looks like this is a new one Paul, at least from the wording at
>>  F-Secure:
>>
>>  "It is similar to the 'Email-Worm.Win32.VB.bi' that was found a few days
>>  ago."
>>
>>  Email-Worm.Win32.VB.bi = VB-8 (Clam) = Nyxem-D (Sophos)
>>
>>  Anyone have a sample? (of the new one) I'd like to check if the sigs for
>>  Nyxem-D at bleedingsnort also hit on this one. tia,
>>
>>  PS - we so need a working cme...
>>
>>  --
>>  Mark Tombaugh
>>
>>
>
>I've had some hits on Clamav that indicate dual infections,  "Two viruses
>were found: Worm.VB-9, Worm.VB-8". I'm still trying to determine if
>Worm.VB-9 is the one referred to in this radar alert.
>

Yes.

Tom
-- 

Tom Shaw - Chief Engineer, OITC
<tshaw at oitc.com>, http://www.oitc.com/
US Phone Numbers: 321-984-3714, 321-729-6258(fax), 
321-258-2475(cell/voice mail,pager)
Text Paging: http://www.oitc.com/Pager/sendmessage.html
AIM/iChat: trshaw at mac.com
skype: trshaw


More information about the list mailing list