VSUB - Malware Submissions

Details on new malware submitted to anti-malware vendors for inclusion in their products...

Tuesday, 13 November 2007

VS0711003 Possible New Malware [Trojan.VB?]

Data on a sample of a suspected new malware being seeded
via an e-mail with a link to a fake Microsoft website.

I have included data on a sample of the file offered on
the site for your information and analysis.

1 copy has been trapped so far.

I haven't had a chance to test it on a goat system yet.

============================================================

Details:

FileName: WindowsXP-KB923810-x86-ENU.exe
FileDateTime: 13/11/2007 20:23:46
Filesize: 1057651
MD5: b59d788bc907d9aecb15375abe09c606
CRC32: 303D13C6
File Type: PE Executable
Packer: UPX

============================================================

Scan report of: WindowsXP-KB923810-x86-ENU.exe

@Proventia-VPS -
AntiVir -
Avast! -
AVG -
BitDefender -
ClamAV -
Command -
Dr Web -
eSafe Trojan/Worm [101] (suspicious)
eTrust-VET -
eTrust-VET (BETA) -
Ewido -
F-Prot -
F-Secure -
F-Secure (BETA) -
Fortinet -
Fortinet (BETA) -
Ikarus Trojan.Win32.VB.azd
Kaspersky -
McAfee -
McAfee (BETA) -
Microsoft -
Nod32 -
Norman -
Panda -
Panda (BETA) -
QuickHeal -
Rising -
Sophos -
Sunbelt -
Symantec -
Symantec (BETA) -
Trend Micro -
Trend Micro (BETA) -
VBA32 -
VirusBuster -
WebWasher Win32.ModifiedUPX.gen!84 (suspicious)
YY_A-Squared -
YY_Spybot Smitfraud-C.,,Executable

============================================================

More details on this latest malware, including screenshots of both the e-mail and the website, and some commentary can be found here on my MoMusings blog.


Monday, 12 November 2007

VS0711002 Possible New Malware [Agent?]

Data on a sample of a suspected new malware being seeded
via an e-mail with a link to a fake YouTube website.

I have included data on a sample of the file offered on
the site for your information and analysis.

2 copies have been trapped so far.

I haven't had a chance to test it on a goat system yet.

============================================================

Details:

FileName: install_flash_player.exe.1
FileDateTime: 12/11/2007 12:09:43
Filesize: 1228800
MD5: 29a8b08786a6a5bd253df5b2a42e7979
CRC32: E8ED5280
File Type: PE Executable

============================================================

Scan report of: install_flash_player.exe.1

@Proventia-VPS -
AntiVir -
Avast! -
AVG -
BitDefender -
ClamAV -
Command -
Dr Web -
eSafe -
eTrust-VET -
eTrust-VET (BETA) -
Ewido -
F-Prot -
F-Secure -
F-Secure (BETA) Trojan-Dropper:W32/Agent.CPL
Fortinet -
Fortinet (BETA) -
Ikarus Win32.SuspectCrc
Kaspersky -
McAfee -
McAfee (BETA) -
Microsoft -
Nod32 -
Norman -
Panda -
Panda (BETA) -
QuickHeal -
Rising -
Sophos -
Sunbelt -
Symantec -
Symantec (BETA) -
Trend Micro -
Trend Micro (BETA) -
VBA32 -
VirusBuster -
WebWasher -
YY_A-Squared -
YY_Spybot -

============================================================

More details can be found here on my MoMusings blog.


Thursday, 8 November 2007

VS0711001 Possible New Malware [Zhelatin?]

Data on a sample of a suspected new malware being seeded
via an e-mail with a link to a website.

I have included data on a sample of the file offered on
the site for your information and analysis.

1 copy has been trapped so far.

I haven't had a chance to test it on a goat system yet.

============================================================

Details:

FileName: dancer.exe
FileDateTime: 08/11/2007 09:33:24
Filesize: 125283
MD5: bf9dfa4e8f6ea259b3aff05cf5509215
CRC32: 44507CCE
File Type: PE Executable

============================================================

Scan report of: dancer.exe

@Proventia-VPS -
AntiVir WORM/Zhelatin.Gen
Avast! -
AVG -
BitDefender Trojan.Peed.INS (suspected)
ClamAV -
Command -
Dr Web Trojan.Packed.209
eSafe File [100] (suspicious)
eTrust-VET -
eTrust-VET (BETA) -
Ewido -
F-Prot -
F-Secure -
F-Secure (BETA) -
Fortinet suspicious
Fortinet (BETA) suspicious
Ikarus -
Kaspersky -
McAfee New Malware.cn (trojan or variant)
McAfee (BETA) New Malware.cn (trojan or variant)
Microsoft TrojanDropper:Win32/Nuwar.gen!avkill (suspicious)
Nod32 NewHeur_PE (probably unknown virus)
Norman -
Panda -
Panda (BETA) -
QuickHeal Suspicious (warning)
Rising -
Sophos Mal/Dorf-F
Sunbelt -
Symantec -
Symantec (BETA) Trojan.Peacomm.D
Trend Micro WORM_NUCRP.GEN
Trend Micro (BETA) WORM_NUCRP.GEN
VBA32 -
VirusBuster -
WebWasher Worm.Zhelatin.Gen
YY_A-Squared -
YY_Spybot -

============================================================
