VSUB - Malware Submissions

Details on new malware submitted to anti-malware vendors for inclusion in their products...

Friday, 6 July 2007

VS0707001 Possible New Malware [Bancos]

Data on a sample of a suspected new malware being seeded
via a spam e-mail with a link to the sample detailed below.

URL used: http://[SITE NAME REMOVED]/media/iphone.scr

1 copy has been trapped so far.

I haven't had a chance to test them on a goat system yet.



FileName: iphone.scr
FileDateTime: 06/07/2007 15:19:52
Filesize: 41472
MD5: 2c6af05edab480d6a6ed3b9b7ea32f51
File Type: PE Executable


Scan report of: iphone.scr

@Proventia-VPS -
AntiVir TR/Crypt.XPACK.Gen
Avast! -
BitDefender Trojan.Spy.Wsnpoem.A
ClamAV Trojan.Spy-8403
Command W32/Backdoor.ATPB
Dr Web Trojan.Proxy.1872
eSafe Trojan/Worm [100] (suspicious)
eTrust-VET -
eTrust-VET (BETA) -
Ewido -
F-Prot W32/Backdoor.ATPB
F-Secure Trojan-Spy.Win32.Bancos.aam
F-Secure (BETA) Trojan-Spy.Win32.Bancos.aam
Fortinet W32/Agent.BRW!tr
Fortinet (BETA) W32/Agent.BRW!tr
Ikarus Trojan-Spy.Win32.Bancos.aam
Kaspersky Trojan-Spy.Win32.Bancos.aam
McAfee New Malware.fh (trojan or variant)
McAfee (BETA) New Malware.fh (trojan or variant)
Microsoft -
Nod32 -
Norman -
Panda Suspicious file
Panda (BETA) Suspicious file
QuickHeal Suspicious (warning)
Rising -
Sophos Mal/EncPk-W
Symantec Infostealer.Banker.C
Symantec (BETA) Infostealer.Banker.C
Trend Micro -
Trend Micro (BETA) -
VBA32 -
VirusBuster -
WebWasher Trojan.Crypt.XPACK.Gen
YY_A-Squared -
YY_Spybot Smitfraud-C.,,Executable


The site has also been reported to the hosting company, hopefully they can remove the file or pull the site before too many people get infected.

Labels: ,


Post a Comment

Subscribe to Post Comments [Atom]

<< Home