
[Discussion] How ESET publishes its signature database updates

傻猪猪米走鸡
Posted on 2008-8-30 09:59:00
Today (Beijing time), the 3400 and 3401 updates explicitly list only a few viruses, just the following:

NOD32 - v.3401 (20080829)
Virus signature database updates:
Win32/Kryptik.I, Win32/Spy.Agent.NIO, Win32/Spy.Agent.NIP, Win32/TrojanDownloader.FakeAlert.HX
NOD32 - v.3400 (20080829)
Virus signature database updates:
Win32/Adware.NaviPromo, Win32/Adware.Vapsup, Win32/Adware.Vapsup.AS, Win32/Agent.ODA (2), Win32/Agent.ODB (2), Win32/AutoRun.KS, Win32/Bagle.PQ (2), Win32/Bagle.PR (3), Win32/Inject.NBM (2), Win32/Kryptik.H, Win32/PSW.OnLineGames.NNM (2), Win32/Sality.NAT, Win32/Spy.Agent.PZ, Win32/Spy.Nuklus.G, Win32/TrojanDropper.Agent.NNA (2), Win32/Virut.BL


But when I scanned the samples left over from before, I found that it had done a small clear-out:

Scan Log
Version of virus signature database: 3401 (20080829)
Date: 2008-8-30  Time: 9:21:04
Scanned disks, folders and files: F:\virus\
F:\virus\0816-1154[1]\0816-1154\kr3.int3 - probably a variant of Win32/Obfuscated trojan - cleaned by deleting - quarantined [1]
F:\virus\0816-1154[1]\0816-1154\upAYB.int2 - probably a variant of Win32/Obfuscated trojan - cleaned by deleting - quarantined [1]
F:\virus\8.17\1[1]\1.exe - probably a variant of Win32/TrojanDownloader.Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\8.17\install_player\install_player.exe - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\8.17\sysdrvwin\sysdrvwin.exe - probably a variant of Win32/Obfuscated trojan - cleaned by deleting - quarantined [1]
F:\virus\8.17\systhosts\systhosts.exe - a variant of Win32/Kryptik.H trojan - cleaned by deleting - quarantined [1]
F:\virus\8.19\test20[1]\18 - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\8.19\test20[1]\4 - probably a variant of Win32/Inject trojan - cleaned by deleting - quarantined [1]
F:\virus\8.19\x6\schrars.exe - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\8.22\Kafan VirList[080821]\080821-3-3.exe - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\8.22\Kafan VirList[080821]\080821-4-0.exe - probably a variant of Win32/TrojanDownloader.Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\8.22\Kafan VirList[080821]\080821-4-2.exe - probably a variant of Win32/Spy.Banker trojan - cleaned by deleting - quarantined [1]
F:\virus\8.22\Kafan VirList[080821]\080821-A1-0.exe - probably a variant of Win32/Hupigon trojan - cleaned by deleting - quarantined [1]
F:\virus\8.22\Kafan VirList[080821]\080821-A1-2.exe - probably a variant of Win32/TrojanClicker.VB trojan - cleaned by deleting - quarantined [1]
F:\virus\8.22\Kafan VirList[080821]\080821-A1-5.exe - probably a variant of Win32/TrojanDropper.Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\8.22\Kafan VirList[080821]\080821-A2-23.exe - probably a variant of Win32/Qhost trojan - cleaned by deleting - quarantined [1]
F:\virus\8.22\Kafan VirList[080821]\080821-A2-51.exe - probably a variant of Win32/TrojanDownloader.Obfuscated trojan - cleaned by deleting - quarantined [1]
F:\virus\8.24\Kafan VirList[080823]\Kafan VirList[080823]\080823-1-2.exe » ASPack v2.12 - unpack error
F:\virus\8.24\Kafan VirList[080823]\Kafan VirList[080823]\080823-A1-95.exe - probably a variant of Win32/TrojanDownloader.Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\8.29\abc\abc.exe - probably a variant of Win32/Hupigon trojan - cleaned by deleting - quarantined [1]
F:\virus\BackdoorServerDB\Win32.Hack.Agent.163840.B9E15191.v.VaildPE.exe - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\BackdoorServerDB\Win32.Hack.Agent.45568.61623543.v.VaildPE.exe - a variant of Win32/Kryptik.H trojan - cleaned by deleting - quarantined [1]
F:\virus\BackdoorServerDB\Win32.Hack.Agent.l.705024.468A5C1E.v.VaildPE.exe - probably a variant of Win32/Hupigon trojan - cleaned by deleting - quarantined [1]
F:\virus\BackdoorServerDB\Win32.Hack.Bifrose.81408.ED7DC507.v - probably a variant of Win32/Bifrose trojan - cleaned by deleting - quarantined [1]
F:\virus\BackdoorServerDB\Win32.Hack.Bifrose.92672.DB7F0D8A.v - probably a variant of Win32/Bifrose trojan - cleaned by deleting - quarantined [1]
F:\virus\BackdoorServerDB\Win32.Hack.Huigezi.1159168.F88DAB5C.v.VaildPE.exe » ASPack v2.12 - unpack error
F:\virus\BackdoorServerDB\Win32.Hack.Huigezi.392704.3BDA0B96.v.VaildPE.exe - probably a variant of Win32/Hupigon trojan - cleaned by deleting - quarantined [1]
F:\virus\BackdoorServerDB\Win32.Hack.Huigezi.81920.D6784260.v.VaildPE.exe - probably a variant of Win32/Hupigon trojan - cleaned by deleting - quarantined [1]
F:\virus\BackdoorServerDB\Win32.Hack.Huigezi.839680.AA8B5D27.v.VaildPE.exe - probably a variant of Win32/Hupigon trojan - cleaned by deleting - quarantined [1]
F:\virus\BackdoorServerDB\Win32.Hack.IRCBot.41984.0063CA11.v.VaildPE.exe - probably a variant of Win32/IRCBot trojan - cleaned by deleting - quarantined [1]
F:\virus\BackdoorServerDB\Win32.Hack.Jusi.gq.380928.4D27E2FB.v.VaildPE.exe - probably a variant of Win32/Delf trojan - cleaned by deleting - quarantined [1]
F:\virus\d\f.exe - probably a variant of Win32/TrojanClicker.VB trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\200806Malware-List\200806-0056.exe@ - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\200806Malware-List\200806-0057.exe@ - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\200806Malware-List\200806-0065.exe@ - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\200806Malware-List\200806-0067.exe@ - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\200806Malware-List\200806-0079.exe@ - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\200806Malware-List\200806-0089.exe@ - probably a variant of Win32/TrojanDropper.Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\200806Malware-List\200806-0101.exe@ - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\200806Malware-List\200806-0119.exe@ - probably a variant of Win32/Bifrose trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\200806Malware-List\200806-0246.exe@ - probably a variant of Win32/Delf trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\200806Malware-List\200806-0260.exe@ - probably a variant of Win32/Rootkit trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\200806Malware-List\200806-0800.exe@ - probably a variant of Win32/TrojanDownloader.Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\10C57287 - probably a variant of Win32/DNSChanger trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\121D28CD - probably a variant of Win32/TrojanDownloader.Banload trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\131C518 - probably a variant of Win32/TrojanProxy.Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\17F8C1C2 - probably a variant of Win32/Adware.Virtumonde application - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\2C46BF72 - probably a variant of Win32/TrojanDownloader.Banload trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\2F07B9F7 - probably a variant of Win32/Spy.Banker trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\3025D0BB - probably a variant of Win32/TrojanDownloader.Delf trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\31DA4FC2 - probably a variant of Win32/Obfuscated trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\43928177 - probably a variant of Win32/TrojanDownloader.Small trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\5536282E - probably a variant of Win32/PcClient trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\5B17CE4C - probably a variant of Win32/TrojanDownloader.VB trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\67FE73A9 - probably a variant of Win32/Spy.Banker trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\6AA4AEE7 - probably a variant of Win32/Inject trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\6BD7F9D5 - probably a variant of Win32/PcClient trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\7074C68F - probably a variant of Win32/TrojanDropper.Delf trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\74A489ED - probably a variant of Win32/Bifrose trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\7833051D - probably a variant of Win32/TrojanProxy.Horst trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\7B1FE7A4 - probably a variant of Win32/Spy.Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\7C623D25 - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\7D6235DE - probably a variant of Win32/Hupigon trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\815810FD - probably a variant of Win32/PSW.OnLineGames trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\85940B2 - probably a variant of Win32/PSW.OnLineGames trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\87533FFC - probably a variant of Win32/Hupigon trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\8C402E38 - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\8FC65812 - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\99F287AC - probably a variant of Win32/Hupigon trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\A23AB7E6 - probably a variant of Win32/Rootkit trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\A5305FA6 - probably a variant of Win32/TrojanDownloader.Banload trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\B222EFF0 - probably a variant of Win32/PSW.OnLineGames trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\B96B596A - probably a variant of Win32/Bifrose trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\CCC209F0 - probably a variant of Win32/Spy.Banker trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\D2A8B169 - probably a variant of Win32/PcClient trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\DA911919 - probably a variant of Win32/Hupigon trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\F0DFB63B - probably a variant of Win32/Small trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\F8A9B3B6 - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\Old samples\卡饭样本区_900\卡饭样本区_900_Q\FDE0074E - probably a variant of Win32/TrojanDownloader.Delf trojan - cleaned by deleting - quarantined [1]
F:\virus\无限抽筋中\无限抽筋中\无限抽筋中\0.exe@ - probably a variant of Win32/Hupigon trojan - cleaned by deleting - quarantined [1]
F:\virus\无限抽筋中\无限抽筋中\无限抽筋中\19.exe@ - probably a variant of Win32/TrojanDropper.Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\无限抽筋中\无限抽筋中\无限抽筋中\29.exe@ - probably a variant of Win32/TrojanDownloader.VB trojan - cleaned by deleting - quarantined [1]
F:\virus\无限抽筋中\无限抽筋中\无限抽筋中\53.exe@ - probably a variant of Win32/TrojanDownloader.Agent trojan - cleaned by deleting - quarantined [1]
Number of scanned objects: 487
Number of threats found: 81
Number of cleaned objects: 81
Time of completion: 9:29:58  Total scanning time: 534 sec (00:08:54)
Notes:
[1] Object has been deleted as it only contained the virus body.


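As everyone can see, some detections, such as the Obfuscated trojans and Hupigon, are not in the update lists, and 3399 only mentions Swizzor (I don't really understand the difference between Swizzor and Obfuscated). But the two updates mentioned above total more than 300 KB. Do they, like those earlier 8 MB and 10 MB ones, contain updates that were made behind the scenes and not listed? The advanced heuristics engine has not changed; it is still the one from August 3.

Many of the "probably a variant of" detections above come from heuristics. I also recall that m once said ESET doesn't really add samples to the database at all and just uses heuristics to skirt the edge. There is some truth to that. From another angle, though: when ESET updates the database or the engine, if one good heuristic rule gets a whole batch of viruses flagged as "probably a variant of", does that count as all of them having been added to the database (note the "probably")? ESET's ThreatSense keeps collecting both the "probably a variant of" and the "a variant of" categories. Genetik detections are collected too, but eq told me that those are some kind of already-detected junk code and no longer need to be reported to him (back then they were reported to him; he has put a lot of effort into ESET's China-related matters, right up to now). So what is the collecting for? Many people have also reported that the software submitted an unknown_PE virus by itself, and half a year later it is still unknown_PE virus...

That said, these two updates deserve some praise... the heuristics have improved a little... Sigh, it's not that ESET has regressed, but that many other antivirus products have advanced (for example, Kaspersky 2009's 100% proactive defense really impresses me, though I also think proactive defense will cause trouble for ordinary users who don't know computers). ESET needs to pick up the pace...


[ Last edited by 傻猪猪米走鸡 on 2008-8-30 10:43 ]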

Rating: zwl2828 +1 popularity. Reason: Thanks, Zhuzhu, for helping us understand ESET better.
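
Added example, not part of the original post or of any ESET tooling: a way to make the post's comparison repeatable by parsing the published changelog and the scan log and bucketing each detection by whether its name was announced. The sample input is abridged from the post; the function names and the bucket names (`listed`, `family-listed`, `unlisted`) are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample input, abridged from the changelog and scan log in the post.
CHANGELOG = """\
NOD32 - v.3401 (20080829)
Virus signature database updates:
Win32/Kryptik.I, Win32/Spy.Agent.NIO, Win32/Spy.Agent.NIP, Win32/TrojanDownloader.FakeAlert.HX
NOD32 - v.3400 (20080829)
Virus signature database updates:
Win32/Agent.ODA (2), Win32/Inject.NBM (2), Win32/Kryptik.H, Win32/Virut.BL
"""
SCAN_LOG = r"""
F:\virus\8.17\sysdrvwin\sysdrvwin.exe - probably a variant of Win32/Obfuscated trojan - cleaned by deleting - quarantined [1]
F:\virus\8.17\systhosts\systhosts.exe - a variant of Win32/Kryptik.H trojan - cleaned by deleting - quarantined [1]
F:\virus\8.19\test20[1]\4 - probably a variant of Win32/Inject trojan - cleaned by deleting - quarantined [1]
F:\virus\8.29\abc\abc.exe - probably a variant of Win32/Hupigon trojan - cleaned by deleting - quarantined [1]
F:\virus\8.19\x6\schrars.exe - probably a variant of Win32/Agent trojan - cleaned by deleting - quarantined [1]
F:\virus\8.24\Kafan VirList[080823]\Kafan VirList[080823]\080823-1-2.exe » ASPack v2.12 - unpack error
"""

NAME = re.compile(r"Win32/[\w.]+")
DETECTION = re.compile(
    r"^(?P<path>.+?) - (?P<prefix>probably a variant of |a variant of )?"
    r"(?P<name>Win32/[\w.]+) (?:trojan|application|virus|worm)\b")

def classify(name, published):
    """Bucket a detection name against the published changelog (bucket names are ours)."""
    if name in published:
        return "listed"            # exact name appears in the changelog
    if any(p.startswith(name + ".") for p in published):
        return "family-listed"     # only lettered variants of the family appear
    return "unlisted"              # family absent from the changelog

def compare(changelog, scan_log):
    """Return (name, log prefix, bucket) for every detection line in the scan log."""
    published = set(NAME.findall(changelog))
    rows = []
    for line in scan_log.splitlines():
        m = DETECTION.match(line)
        if m is None:
            continue               # unpack errors, headers and blank lines
        prefix = (m["prefix"] or "exact name").strip()
        rows.append((m["name"], prefix, classify(m["name"], published)))
    return rows

def summary(rows):
    """Count detections per (log prefix, bucket) pair."""
    return Counter((prefix, bucket) for _, prefix, bucket in rows)
```

On this sample the two `unlisted` rows are the Obfuscated and Hupigon detections, the same families the post points to as missing from the changelog.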

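wusuobuzai
Posted on 2008-8-30 10:27:04
When all is said and done, this is still about NOD32's virus database....
NOD32 relies mainly on heuristics, while other antivirus products use heuristics only as an aid to detection....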
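傻猪猪米走鸡
Original poster | Posted on 2008-8-30 10:37:59
Are we supposed to ask Lenovo to sell clothes... sigh... nothing to be done about it...
Heh, a leopard can't change its spots, and it is doing quite well now anyway; on the Kafan VirList it even reaches 90% from time to time...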
东海林将司
Posted on 2008-8-30 10:42:50
When are they going to acquire E盾?
傻猪猪米走鸡
Original poster | Posted on 2008-8-30 10:45:05
Working with more of the domestic education sector is the way to go!
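wusuobuzai
Posted on 2008-8-30 10:47:47
Originally posted by 傻猪猪米走鸡 on 2008-8-30 10:45:
Working with more of the domestic education sector is the way to go!

Then NOD32 will become the education sector's housewife-grade antivirus..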
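傻猪猪米走鸡
Original poster | Posted on 2008-8-30 10:51:34
As long as ThreatSense's efficiency can improve further... anything is possible...
Work with schools and start with the kids... Among foreign antivirus products, Kaspersky has been doing this for a long time, with good results... Norton, even earlier, ... struck it rich... McAfee Enterprise: some of my high-school teachers are still using it... though it's the previous-generation version...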
woai_jolin
Posted on 2008-8-30 10:53:54
I've known about this for a long time.
ESET doesn't publish all of its updates. It's like that every time.
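傻猪猪米走鸡
Original poster | Posted on 2008-8-30 11:03:19
Often... when the update page shows a big long list... there usually isn't much of a clear-out...
Whereas when there are just a few short lines, the behind-the-scenes changes are often very big!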
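wusuobuzai
Posted on 2008-8-30 11:32:56
Originally posted by 傻猪猪米走鸡 on 2008-8-30 11:03:
Often... when the update page shows a big long list... there usually isn't much of a clear-out...
Whereas when there are just a few short lines, the behind-the-scenes changes are often very big!

ESET NOD32 is constantly adjusting its virus database! To keep its virus database from getting too big!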