GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Wed May 13, 2020 2:12 pm
There is a new state-sponsored virus produced by the North Korean Lazarus group. It is mainly a phishing virus that is targeting sources of information in other countries, but they could use it to download any malware. I submit the signatures below for ClamWin users that might be interested in protection from it. The signatures are all MDB signatures.
Copy the MDB signatures to a Notepad file and save it in the ClamWin db program data folder, or add the signatures to an existing MDB file if you already have one in the folder. Do not save the file with a .txt or .text extension on the end of the name. Save the file as Sigfile.mdb. Select file type All Files to prevent the .txt or .text from being used at the end of the filename. Check the file before you save it to make sure it will be saved correctly. ClamWin is unable to recognize a text file as a signature. After saving the file, scan something with ClamWin to make sure the signature works--delete the signature file if it does not or remove the signature from an existing MDB file if you have one there and re-save it.
Signatures may last up to a week or longer, depending upon how lazy the malware authors are about changing their version. MDB signatures are signatures for a section of a malware file, and they sometimes can last up to a month, especially if the section is re-used in another malware.
123904:8244acedace09a0d354fd56aaf0c0f40:Win.Trojan.Agent-051220.1801
123904:6a8fcc80d3b556c366b9915ca084df91:Win.Trojan.Agent-051220.1759
135168:03861d6eb2f7ce7eb5a2c20dae40d62b:Win.Trojan.Lazarus-051220.1757
81920:af4b3b39e5faf6f61340622604f97a0e:Win.Trojan.Agent-051220.1756
Regards,
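
An added example, not part of the original post: a small Python check that can be run on the signature text before it is saved into the ClamWin db folder. It assumes each MDB entry has the form size:md5:name, as in the four signatures above; the function names and the last two sample lines are constructed for illustration.

```python
import re

# One MDB entry: PE section size in bytes, MD5 of that section, detection name.
MDB_LINE = re.compile(r"^(\d+):([0-9a-fA-F]{32}):(\S+)$")

# First two lines are from the post; the last two are constructed to show failures.
SAMPLE = """\
123904:8244acedace09a0d354fd56aaf0c0f40:Win.Trojan.Agent-051220.1801
135168:03861d6eb2f7ce7eb5a2c20dae40d62b:Win.Trojan.Lazarus-051220.1757
81920:af4b3b39e5faf6f6:Constructed.Truncated.Hash
123904:8244ACEDACE09A0D354FD56AAF0C0F40:Constructed.Duplicate
"""


def name_is_mdb(filename):
    """True only if the name really ends in .mdb (not .mdb.txt)."""
    return filename.lower().endswith(".mdb")


def check_mdb_text(text):
    """Return (entries, problems); problems are (line_number, reason) pairs."""
    entries, problems, seen = [], [], set()
    for num, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue  # blank lines are skipped, not reported
        match = MDB_LINE.match(line)
        if match is None:
            problems.append((num, "not size:md5:name"))
            continue
        # Same size and same hash (case-insensitive) is the same signature.
        key = (int(match.group(1)), match.group(2).lower())
        if key in seen:
            problems.append((num, "duplicate section hash"))
            continue
        seen.add(key)
        entries.append(key + (match.group(3),))
    return entries, problems


if __name__ == "__main__":
    print(name_is_mdb("Sigfile.mdb"), name_is_mdb("Sigfile.mdb.txt"))
    entries, problems = check_mdb_text(SAMPLE)
    print(len(entries), "usable signatures;", problems)
```

A file that produces any entry in the problems list should be corrected before it is copied into the db folder.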