VSUB - Malware Submissions

Details on new malware submitted to anti-malware vendors for inclusion in their products...

Tuesday, 10 April 2007

VS0704001 Possible new malware [Small/Tibs?]

Data on three samples of a suspected new malware being seeded via e-mail.

These were caught by my Bayesian malware filter.

I have included multiple samples for your information and analysis.

3 copies have been trapped so far.

Subject lines seen:
Missle Strike: The USA kills more then 1000 Iranian citizens
Missle Strike: The USA kills more then 10000 Iranian citizens

Attachment names seen:
Click Here.exe
Video.exe
Read Me.exe

I haven't had a chance to test them on a goat system yet.

============================================================

Details:

FileName: Video.exe
FileDateTime: 08/04/2007 20:50:15
Filesize: 51342
MD5: 99cdc9be6334d73efc241ce93c7ed2fe
CRC32: B2A3D3A6
File Type: PE Executable

FileName: Click Here.exe
FileDateTime: 08/04/2007 20:59:17
Filesize: 51342
MD5: 4a32764f9165980e255a80ee63edf402
CRC32: 96651D8
File Type: PE Executable

FileName: Read Me.exe
FileDateTime: 08/04/2007 20:49:10
Filesize: 51342
MD5: 95c563731b7828d6e98eae81ee08869f
CRC32: ED8E7715
File Type: PE Executable

============================================================

Scan report of: Click Here.exe

@Proventia-VPS -
AntiVir -
Avast! -
AVG -
BitDefender Trojan.Peed.Gen
ClamAV -
Command -
Dr Web Trojan.Packed.80
eSafe Trojan/Worm [100] (suspicious)
eTrust-VET -
eTrust-VET (BETA) -
Ewido -
F-Prot W32/Trojan.ADUB
F-Secure -
F-Secure (BETA) -
Fortinet suspicious
Fortinet (BETA) suspicious
Ikarus -
Kaspersky -
McAfee -
McAfee (BETA) -
Microsoft -
Nod32 -
Norman -
Panda -
Panda (BETA) -
QuickHeal Suspicious (warning)
Rising -
Sophos -
Symantec Trojan.Packed.13
Symantec (BETA) Trojan.Packed.13
Trend Micro -
Trend Micro (BETA) -
UNA -
VBA32 -
VirusBuster -
WebWasher Worm.Win32.Malware.gen (suspicious)
YY_Spybot -

============================================================

Scan report of: Read Me.exe

@Proventia-VPS -
AntiVir -
Avast! -
AVG -
BitDefender Trojan.Peed.Gen
ClamAV -
Command -
Dr Web Trojan.Packed.80
eSafe Trojan/Worm [100] (suspicious)
eTrust-VET -
eTrust-VET (BETA) -
Ewido -
F-Prot W32/Trojan.ADUB
F-Secure -
F-Secure (BETA) -
Fortinet suspicious
Fortinet (BETA) suspicious
Ikarus -
Kaspersky -
McAfee -
McAfee (BETA) -
Microsoft -
Nod32 -
Norman -
Panda -
Panda (BETA) -
QuickHeal Suspicious (warning)
Rising -
Sophos -
Symantec Trojan.Packed.13
Symantec (BETA) Trojan.Packed.13
Trend Micro -
Trend Micro (BETA) -
UNA -
VBA32 -
VirusBuster -
WebWasher Worm.Win32.Malware.gen (suspicious)
YY_Spybot -

============================================================

Scan report of: Video.exe

@Proventia-VPS -
AntiVir -
Avast! -
AVG -
BitDefender Trojan.Peed.Gen
ClamAV -
Command -
Dr Web Trojan.Packed.80
eSafe Trojan/Worm [100] (suspicious)
eTrust-VET -
eTrust-VET (BETA) -
Ewido -
F-Prot W32/Trojan.ADUB
F-Secure -
F-Secure (BETA) -
Fortinet suspicious
Fortinet (BETA) suspicious
Ikarus -
Kaspersky -
McAfee -
McAfee (BETA) -
Microsoft -
Nod32 -
Norman -
Panda -
Panda (BETA) -
QuickHeal Suspicious (warning)
Rising -
Sophos -
Symantec Trojan.Packed.13
Symantec (BETA) Trojan.Packed.13
Trend Micro -
Trend Micro (BETA) -
UNA -
VBA32 -
VirusBuster -
WebWasher Worm.Win32.Malware.gen (suspicious)
YY_Spybot -

============================================================
