-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello, I've been examining some systems with Clamav (current scanning
engine and defs) and have encountered Trojan.URLspoof.gen.2 on
several. Information on this malware appears to be somewhat limited.
http://www.viruslist.com/en/find?
search_mode=virus&words=Trojan.URLspoof.gen.2
One of the references from viruslist.com points to this page at McAfee:
http://vil.nai.com/vil/content/v_100927.htm#tab2
This malware is appearing in the pagefile.sys and hiberfil.sys files
on various XP systems. Interestingly, f-prot and bit defender (Linux
versions) do not detect this malware. This makes me wonder if this is
a false-positive...
Does anyone know anything more about this malware? Is its presence
indicative of a successful exploit, or is it an active threat by itself?
Cheers,
Peter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iD8DBQFFJKKLawIPa3CTKK8RAk+cAJ9qLApD8pw/KSVPodBrwwpkqz5eLACeOiaa
1Yd+i9pPd3rBDTGiWbC5mhs=
=tLQm
-----END PGP SIGNATURE-----
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
