VSUB - Malware Submissions

Details on new malware submitted to anti-malware vendors for inclusion in their products...

Friday, 19 January 2007

VS0701002 Possible New Malware [Small?]

Data on a sample of a suspected new malware being spread via an e-mail with an attachment.

This was caught by my Bayesian filter trained to catch e-mail-borne malware.

I have included data on a sample for your information and analysis.

35 copies have been trapped so far.

I haven't had a chance to test it on a goat system yet.



FileName: Video.exe
FileDateTime: 18/01/2007 23:00:39
Filesize: 29347
MD5: 8cb9492e06662a7b4a072cbbe03bbffe
CRC32: 714168B3
File Type: PE Executable
Packer: UPX

Subject lines seen:
230 dead as storm batters Europe.
A killer at 11, he's free at 21 and kill again!
U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
Naked teens attack home director.
British Muslims Genocide

Attachments seen:
Full Story.exe
Read More.exe
Full Clip.exe
Full Video.exe


Scan report of: Video.exe

@Proventia-VPS      -
AntiVir             -
Avast!              -
BitDefender         MemScan:Trojan.Agent.AHS
ClamAV              Trojan.Downloader-647
Command             W32/Downloader.AYDY
Dr Web              Trojan.Spambot
eSafe               Trojan/Worm [101] (suspicious)
eTrust-INO          -
eTrust-INO (BETA)   -
eTrust-VET          Win32/Tibs!generic
eTrust-VET (BETA)   Win32/Pecoan.B
Ewido               -
F-Prot              W32/Downloader.AYDY
F-Secure            Trojan-Downloader.Win32.Small.dam
F-Secure (BETA)     Trojan-Downloader.Win32.Small.dam
Fortinet            -
Fortinet (BETA)     -
Ikarus              Trojan-Downloader.Win32.Small.dam
Kaspersky           Trojan-Downloader.Win32.Small.dam
McAfee              -
McAfee (BETA)       Downloader-BAI trojan
Microsoft           -
Nod32               Win32/Nuwar.Q worm
Norman              W32/Tibs.gen12
Panda               -
Panda (BETA)        Trj/Alanchum.NX
QuickHeal           -
Rising              -
Sophos              Troj/DwnLdr-FYD
Symantec            Trojan.Packed.8
Symantec (BETA)     Trojan.Packed.8
VBA32               -
VirusBuster         Trojan.DL.Tibs.Gen!Pac13
WebWasher           Trojan.Dldr.Small.DBX
YY_Spybot           Smitfraud-C.,,Installer


More details and some commentary can be found here [on my other blog].
