VSUB - Malware Submissions

Details on new malware submitted to anti-malware vendors for inclusion in their products...

Saturday, 20 January 2007

VS0701003 Possible New Malware [Small?]

Data on a sample of a suspected new malware being spread via an e-mail with an attachment.

This was caught by my Bayesian filter trained to catch e-mail borne malware.

I have included data on a sample for your information and analysis.

60 copies have been trapped so far.

I haven't had a chance to test it on a goat system yet.



FileName: Video.exe
FileDateTime: 19/01/2007 23:24:26
Filesize: 26624
MD5: 01a1115bcb0d5e32a98c76a50ac8868d
CRC32: 79C8760C
File Type: PE Executable
Packer: UPX

Subject Lines Seen:
Russian missle shot down Chinese satellite
Chinese missile shot down USA satellite
Sadam Hussein alive!
Sadam Hussein safe and sound!

Attachments Seen:
Full Story.exe
Read More.exe
Full Clip.exe
Full Text.exe


Scan report of: Video.exe

@Proventia-VPS -
AntiVir -
Avast! -
BitDefender -
ClamAV -
Command -
Dr Web BackDoor.Groan
eSafe Trojan/Worm [101] (suspicious)
eTrust-INO -
eTrust-INO (BETA) -
eTrust-VET -
eTrust-VET (BETA) -
Ewido -
F-Prot -
F-Secure -
F-Secure (BETA) -
Fortinet suspicious
Fortinet (BETA) suspicious
Ikarus -
Kaspersky -
McAfee -
McAfee (BETA) -
Microsoft -
Nod32 -
Norman -
Panda Suspicious file
Panda (BETA) Suspicious file
QuickHeal -
Rising -
Sophos -
Symantec -
Symantec (BETA) -
Trend Micro -
Trend Micro (BETA) -
VBA32 -
VirusBuster -
WebWasher Win32.ModifiedUPX.gen!90 (suspicious)
YY_Spybot Smitfraud-C.,,Installer


This is a new variant of the threat reported as VS0701002 on this blog.

Labels: ,


Post a Comment

Subscribe to Post Comments [Atom]

<< Home