ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
Remote Access Trojan Targetilng Universities

Joined: 09 Jul 2006
Posts: 4664
Location: USA
Reply with quote
There is a remote access trojan that is targeting U. S. Universities. This Rat is actually rather old, having been used by state sponsored malware authors since at least 2010. I recall getting some signatures for it when I was working signatures at Clam AV. On the off-chance that we have some universities using ClamWin, or on the chance it may target personal users at some point, below is a ClamWin MDB signature for the latest version of it.

Copy the MDB signature to a Notepad file and save it in the ClamWin db program data folder, or add the signature to an existing MDB file if you already have it there. Do not save the file with a .txt or .text extension on the end of the name. Save the file as Sigfile.mdb. Select file type All Files to prevent the .txt or .text at the end of the filename. ClamWin is unable to recognize a text file as a signature. After saving the file, scan something with ClamWin to make sure the signature works--delete the signature file if it does not.

Signatures may last for one week or longer depending upon how lazy the malware authors are about changing their version. MDB signatures may last up to a month.


View user's profileSend private message
Remote Access Trojan Targetilng Universities
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

 Reply to topic