So, my virus scanner is clamav. I mainly use it to scan incoming e-mail and filter it so that I don’t have to see it. (The MyTob virus was generating upwards of 300 messages a day.) So, I watch for messages that look like viruses that aren’t caught by clamav. Over the last week, I’ve been getting 1 message a day that Kaspersky AVP recognizes as a MyTob variant. I’ve been submitting samples to clamav but they haven’t classified the virus yet.
I’m getting troubled, because this is exactly what happened at the beginning of the MyTob worm spread — just a small trickle of viruses coming in, and not getting recognized. Then, when the flood arrived, they began to be classified. The disturbing thing about this is that it means that right now, new MyTob variants are being spread to people’s computers, which means they’ll propagate even faster.
Ugh.
I hope clamav gets with it and starts to classify these guys.