
cat-users - Re: [[cat-users]] Anti-Virus False Positive

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

  • From: Stefan Winter <stefan.winter AT restena.lu>
  • To: cat-users AT lists.geant.org
  • Subject: Re: [[cat-users]] Anti-Virus False Positive
  • Date: Fri, 18 Mar 2016 07:52:00 +0100
  • Openpgp: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Hello,

> One of our users has reported that the University of Birmingham Eduroam
> CAT is being flagged as malware in their Norton 360 AV software. We have
> checked this on VirusTotal and it appears to be being reported by a
> small number of other AV engines.
>
> We suspect this to be a false-positive based on the behaviour of the
> tool (possibly its insertion into autoruns). I have attached a
> screenshot of the VirusTotal results.

That's my assumption as well. The screenshot shows that
behavioural/heuristics is what triggered this on three of the four scan
results. "Malware Generic" "Suspicious" and "BehavesLike" are typical
words seen in heuristic matches.

I'm a bit worried that one AV engine, Baidu, reports a real hit for a
trojan "WisdomEyes". But quick googling suggests that Baidu are also the
only ones on the planet who actually have a trojan with that name in their
DB. So, maybe they are just wrong.

Unless more scanners report actual hits I'm really rather sure that this
is a false positive.

Greetings,

Stefan Winter

--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature



