VSUB - Malware Submissions

Details on new malware submitted to anti-malware vendors for inclusion in their products...

Friday, 5 October 2007

VS0710002 Possible New Malware [BZub?]

Data on a sample of a suspected new malware being seeded
via an e-mail with a link to a website.

I have included data on a sample of the file being
offered on the site for your information and analysis.

6 copies have been trapped so far.

I haven't had a chance to test it on a goat system yet.

============================================================

Details:

FileName: behnert.exe
FileDateTime: 05/10/2007 14:30:03
Filesize: 122584
MD5: a1d660fa9ba56edd66b8387ba1574742
CRC32: B35A3AD1
File Type: PE Executable
Packer: Standard PE File

============================================================

Scan report of: behnert.exe

@Proventia-VPS      Malicious (Cancelled)
AntiVir             DR/Delphi.Gen
Avast!              -
AVG                 Generic8.FMB (Trojan horse)
BitDefender         Trojan.Dropper.Delf.HT (suspected)
ClamAV              Trojan.Dropper-2665
Command             -
Dr Web              -
eSafe               -
eTrust-VET          -
eTrust-VET (BETA)   -
Ewido               -
F-Prot              -
F-Secure            Trojan-Spy.Win32.BZub.bmj
F-Secure (BETA)     Trojan-Spy.Win32.BZub.bmj
Fortinet            -
Fortinet (BETA)     -
Ikarus              Trojan-Spy.Win32.Goldun.lw
Kaspersky           Trojan-Spy.Win32.BZub.bmj
McAfee              -
McAfee (BETA)       -
Microsoft           PWS:Win32/Cimuz.D
Nod32               -
Norman              W32/Malware.AZOM
Panda               -
Panda (BETA)        -
QuickHeal           -
Rising              -
Sophos              Mal/Basine-C
Sunbelt             -
Symantec            -
Symantec (BETA)     -
Trend Micro         TSPY_CIMUZ.AT
Trend Micro (BETA)  TSPY_CIMUZ.AT
VBA32               -
VirusBuster         Trojan.DR.BZub.Gen.13
WebWasher           Trojan.Delphi.Gen
YY_A-Squared        -
YY_Spybot           -

============================================================


VS0710001 Possible New Malware [Agent?]

Data on a sample of a suspected new malware being seeded
via an attachment to a new Storm Worm, Nuwar spam e-mail.

I have data on the attached zip file, and the file in the
zip for your information and analysis.

1 copy has been trapped so far.

I haven't had a chance to test it on a goat system yet.

============================================================

Details:

FileName: hent.zip
FileDateTime: 05/10/2007 11:54:09
Filesize: 18971
MD5: 285bce50962a29a65196285491816e7d
CRC32: CBB7DF5C
File Type: ZIP Archive File

Contains:

FileName: hent.exe
FileDateTime: 05/10/2007 12:16:46
Filesize: 20992
MD5: 083bb18514c67dd0d795aedfcac88477
CRC32: 72B5B404
File Type: PE Executable

============================================================

Scan report of: hent.exe

@Proventia-VPS      -
AntiVir             TR/Dropper.Gen
Avast!              -
AVG                 -
BitDefender         Trojan.Pandex.U
ClamAV              Trojan.Dropper-2667
Command             -
Dr Web              BackDoor.Bulknet.78
eSafe               -
eTrust-VET          -
eTrust-VET (BETA)   -
Ewido               -
F-Prot              -
F-Secure            Trojan-Downloader:W32/Agent.DTH
F-Secure (BETA)     Trojan-Downloader:W32/Agent.DTH
Fortinet            -
Fortinet (BETA)     Pushdo!tr
Ikarus              Win32.Outbreak
Kaspersky           -
McAfee              -
McAfee (BETA)       -
Microsoft           -
Nod32               -
Norman              -
Panda               -
Panda (BETA)        -
QuickHeal           -
Rising              -
Sophos              Troj/Pushdo-Gen
Sunbelt             -
Symantec            -
Symantec (BETA)     -
Trend Micro         -
Trend Micro (BETA)  -
VBA32               -
VirusBuster         -
WebWasher           Trojan.Dropper.Gen
YY_A-Squared        -
YY_Spybot           Worldsecurityonline.FakeAlert,,Executable

============================================================
