There were two or three variants of that Trojan (not strictly a virus) spammed out on the 18th, with one or more variants pushed out a day later (sample submitted, still waiting for the updated patterns for that).
Trojan-downloader.647 was one of the variants. If you keep your eye on whatever virus alert messages you produce it should be pretty obvious which ClamAV name relates to malware in the news.

It's not a trivial task to produce a dictionary of malware cross-referencing all the vendors' pet names for them, and I for one would rather the effort went into catching the malware rather than naming it.

Cheers,
Phil

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kelly Jones
Sent: Saturday, January 20, 2007 1:26 AM
To: clamav-users@lists.clamav.net
Subject: [Clamav-users] Longer writeup on new viruses that Clam has detected?

My users sometimes forward me news stories on new viruses. I want to reassure them that Clam is catching this virus, but I'm not quite sure how.

Example: a user sent me a story on a virus that I'm pretty sure is Trojan.Downloader-647, but I couldn't find a web-page describing this virus. Is there such a thing?

Basically, I'm looking for a short Symantec-like writeup (or even a link to Symantec's writeup) saying things like:

This virus was first detected 18 Jan 2006. The subject lines for this virus are: "A killer at 11, he's free at 21...", "U.S. Secretary of State Condoleezza Rice has kicked...", "230 dead as storm batters Europe", "Naked teens attack home director", etc. The virus contains an attachment called "Full Story.exe".

That sort of thing.

It would also be nice to type in a virus subject and see all Clam signatures/viruses matching that subject (I realize some viruses have random subjects, but many/most do have a finite list of subjects or at least adhere to a pattern).

Any thoughts?

--
We're just a Bunch Of Regular Guys, a collective group that's trying to understand and assimilate technology. We feel that resistance to new ideas and technology is unwise and ultimately futile.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html