ClamWin Free Antivirus
Support and Discussion Forums
MDB Signature For Iranian Threat Tool
GuitarBob


Joined: 09 Jul 2006
Posts: 4569
Location: USA
Below is an MDB signature for ClamWin users for a tool developed by an Iranian advanced threat group to hack Microsoft Exchange email. The tool was "acquired" by some virus researchers that target this threat group. The signature might be helpful for any business/government users of ClamWin from which Iran might be interested in stealing information, particularly in the Middle East.

Copy the signature(s) to a Notepad file and save it in the ClamWin db program data folder or add the signature to an existing MDB file you may have there. Do not save the file with a .txt or .text on the end of the name. Save it as Sigfile.mdb (select type All Files to prevent the .txt or .text at the end of the filename), otherwise ClamWin will be unable to recognize it as a signature. MDB signatures identify important parts of a malware file and will last until the next version of the malware comes out--often in a week or so, but some malware authors reuse parts of their old file, so an MDB signature could last longer--maybe for a month. This signature probably fits the longer lasting group, as development of such tools takes some time.

40448:875ed0eec0bd64f4940d19abc668d439:Win.Trojan.Iranian.ExchangeHacker-060319.1404

Regards,
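What an MDB entry like the one in the post matches, shown as an added illustration that is not part of the original post and is not ClamWin's or ClamAV's own code. It assumes each line is PESectionSize:MD5:MalwareName and that a file matches when one of its PE sections has that raw size and MD5; `parse_mdb`, `pe_sections`, `match_mdb` and `build_sample` are hypothetical names, and the sample PE image is constructed.

```python
import hashlib, re, struct

# Assumed MDB line layout: PESectionSize:MD5-of-section:MalwareName
MDB_LINE = re.compile(r"^(\d+):([0-9a-fA-F]{32}):([^:\s]+)$")

def parse_mdb(text):
    """Return {(section_size, md5): name}; reject entries that are not size:md5:name."""
    sigs = {}
    for n, line in enumerate(filter(None, map(str.strip, text.splitlines())), 1):
        m = MDB_LINE.match(line)
        if not m:
            raise ValueError(f"entry {n}: expected size:md5:name")
        sigs[(int(m.group(1)), m.group(2).lower())] = m.group(3)
    return sigs

def pe_sections(data):
    """Yield (name, raw_bytes) for every section in a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    count, = struct.unpack_from("<H", data, pe + 6)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)    # SizeOfOptionalHeader
    for off in range(pe + 24 + opt_size, pe + 24 + opt_size + 40 * count, 40):
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        yield name, data[raw_ptr:raw_ptr + raw_size]

def match_mdb(data, sigs):
    """Return [(section_name, malware_name)] for sections whose size and MD5 match."""
    keyed = ((n, (len(raw), hashlib.md5(raw).hexdigest())) for n, raw in pe_sections(data))
    return [(n, sigs[k]) for n, k in keyed if k in sigs]

def build_sample(section):
    """Constructed one-section PE-like image, used only as sample input."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0)
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(section), 0x1000,
                       len(section), 0x40 + 24 + 40, 0, 0, 0, 0, 0)
    return bytes(dos) + coff + sect + section

if __name__ == "__main__":
    body = b"\x90" * 512  # constructed section content
    sigs = parse_mdb(f"512:{hashlib.md5(body).hexdigest()}:Constructed.Test.Sample")
    print(match_mdb(build_sample(body), sigs))
```

Running `parse_mdb` over the contents of a Sigfile.mdb before dropping it into the db folder catches lines that were mangled when copied from the forum.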