VS0602008 Possible new malware [Bagle/Mitglieder]
Data on a sample of a suspected new malware being spread via e-mail.
This was caught by my Bayesian Filter.
I have included data on a sample for your information and analysis.
1 copy has been trapped so far.
I haven’t had a chance to test it on a goat system yet.
============================================================
Details:
FileName: RR-0922-014.exe
FileDateTime: 26/02/2006 12:08:52
Filesize: 5492
MD5: ebc2ba74578cb23af083c89b31060a28
CRC32: 14EE5F6A
File Type: PE Executable
Packer: FSG
Scan report of: RR-0922-014.exe
@Proventia-VPS      -
AntiVir             -
Avast!              -
AVG                 -
BitDefender         -
ClamAV              -
Command             W32/Zonko.A
Dr Web              -
eSafe               Trojan/Worm [100] (suspicious)
eTrust-INO          -
eTrust-INO (BETA)   -
eTrust-VET          -
eTrust-VET (BETA)   -
Ewido               -
F-Prot              W32/Zonko.A
F-Secure            -
F-Secure (BETA)     -
Fortinet            PossibleThreat!01846
Fortinet (BETA)     PossibleThreat!01846
Ikarus              Email-Worm.Win32.Bagle.EZ
Kaspersky           -
McAfee              -
McAfee (BETA)       -
Nod32               Win32/TrojanDownloader.Small.NIH trojan (variant)
Norman              Suspicious_F.gen
Panda               Suspicious file
Panda (BETA)        Trj/Nabload.BR
QuickHeal           Suspicious (warning)
Sophos              -
Symantec            -
Symantec (BETA)     -
Trend Micro         PAK_Generic.001
Trend Micro (BETA)  TROJ_DLOADER.BSL
VBA32               -
VirusBuster         -
YY_Spybot           -
============================================================
