VSUB - Malware Submissions

Details on new malware submitted to anti-malware vendors for inclusion in their products...

Wednesday, 14 February 2007

VS0702004 Possible new malware [Downloader?]

Data on a sample of a suspected new malware being seeded via a
fake valentine e-card link which arrives via e-mail.

Example links:
http:// [removed] .info/uk/view.pd.htm
[URL made safe.]

which downloads:
http:// [removed] .info/uk/flash/install_flash_player.exe
[URL made safe.]

This was caught by an end-user.

I have included data on a sample for your information and analysis.

2 copies have been trapped so far.

Screenshots and more details can be found on my momusings blog
http://momusings.blogsome.com/2007/02/13/stupid-cupid-stop-picking-on-me/

I haven't had a chance to test them on a goat system yet.

============================================================

Details:

FileName: install_flash_player.exe
FileDateTime: 13/02/2007 14:56:25
Filesize: 9480
MD5: 95b221b32a46b3918c07e0e22a110f53
CRC32: 56D781F8
File Type: PE Executable


============================================================

Scan report of: install_flash_player.exe

@Proventia-VPS -
AntiVir -
Avast! -
AVG -
BitDefender -
ClamAV -
Command -
Dr Web -
eSafe -
eTrust-INO -
eTrust-INO (BETA) -
eTrust-VET -
eTrust-VET (BETA) -
Ewido -
F-Prot -
F-Secure -
F-Secure (BETA) -
Fortinet -
Fortinet (BETA) -
Ikarus -
Kaspersky -
McAfee -
McAfee (BETA) -
Microsoft -
Nod32 -
Norman -
Panda -
Panda (BETA) -
QuickHeal -
Rising -
Sophos -
Symantec -
Symantec (BETA) -
Trend Micro -
Trend Micro (BETA) -
UNA -
VBA32 -
VirusBuster -
WebWasher -
YY_Spybot -

============================================================

Labels: ,

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home