VSUB - Malware Submissions

Details on new malware submitted to anti-malware vendors for inclusion in their products...

Friday, 12 January 2007

VS0701001 Possible New Malware [VSBot?]

Data on a sample of a suspected new malware being spread via a website,
using a fake e-card e-mail alert to tempt the user to download the fake e-card, whch is actually an executable.

This was caught by an end-user.

I have included data on a sample for your information and analysis.

12 copies have been trapped so far.

I haven't had a chance to test it on a goat system yet.



FileName: Greeting.gif.exe
FileDateTime: 11/01/2007 09:39:16
Filesize: 132838
MD5: c48cbb9ad058eb2d7d0166447b0a2ed9
CRC32: 4DE50071
File Type: PE Executable
Packer/Archiver: NSIS


Scan report of: Greeting.gif.exe

@Proventia-VPS -
AntiVir TR/Drop.VB.apv.7
Avast! -
BitDefender Backdoor.IRCBot.AG
ClamAV -
Command -
Dr Web -
eSafe -
eTrust-INO Win32/VSBot.2ob!Trojan
eTrust-INO (BETA) Win32/VSBot.2ob!Trojan
eTrust-VET Win32/Veesbot.A
eTrust-VET (BETA) Win32/Veesbot.A
Ewido -
F-Prot -
F-Secure Backdoor.Win32.VB.apv
F-Secure (BETA) Backdoor.Win32.VB.apv
Fortinet W32/VB.APV!tr.bdr
Fortinet (BETA) W32/VB.APV!tr.bdr
Ikarus Backdoor.Win32.VB.apv
Kaspersky Backdoor.Win32.VB.apv
McAfee -
McAfee (BETA) -
Microsoft -
Nod32 -
Norman -
Panda -
QuickHeal -
Rising -
Sophos -
Symantec -
Symantec (BETA) -
Trend Micro -
Trend Micro (BETA) -
VBA32 -
VirusBuster Trojan.DR.VB.YYW
WebWasher Trojan.Drop.VB.apv.7
YY_Spybot -


Labels: ,


Post a Comment

Subscribe to Post Comments [Atom]

<< Home