VSUB - Malware Submissions

Details on new malware submitted to anti-malware vendors for inclusion in their products...

Tuesday, 13 November 2007

VS0711003 Possible New Malware [Trojan.VB?]

Data on a sample of a suspected new malware being seeded
via an e-mail with a link to a fake Microsoft website.

I have included data on a sample of the file offered on
the site for your information and analysis.

1 copy has been trapped so far.

I haven't had a chance to test it on a goat system yet.

============================================================

Details:

FileName: WindowsXP-KB923810-x86-ENU.exe
FileDateTime: 13/11/2007 20:23:46
Filesize: 1057651
MD5: b59d788bc907d9aecb15375abe09c606
CRC32: 303D13C6
File Type: PE Executable
Packer: UPX

============================================================

Scan report of: WindowsXP-KB923810-x86-ENU.exe

@Proventia-VPS -
AntiVir -
Avast! -
AVG -
BitDefender -
ClamAV -
Command -
Dr Web -
eSafe Trojan/Worm [101] (suspicious)
eTrust-VET -
eTrust-VET (BETA) -
Ewido -
F-Prot -
F-Secure -
F-Secure (BETA) -
Fortinet -
Fortinet (BETA) -
Ikarus Trojan.Win32.VB.azd
Kaspersky -
McAfee -
McAfee (BETA) -
Microsoft -
Nod32 -
Norman -
Panda -
Panda (BETA) -
QuickHeal -
Rising -
Sophos -
Sunbelt -
Symantec -
Symantec (BETA) -
Trend Micro -
Trend Micro (BETA) -
VBA32 -
VirusBuster -
WebWasher Win32.ModifiedUPX.gen!84 (suspicious)
YY_A-Squared -
YY_Spybot Smitfraud-C.,,Executable

============================================================
More details on this latest malware, including screenshots of both the e-mail and the website, and some commentary can be found here on my Momusings blog.

Labels: ,

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home