VSUB - Malware Submissions

Wednesday 12th April, 2006

VS0604004 Possible new malware [Agent]

Filed under: All, Submitted

Data on a sample of a suspected new malware being spread via a link
in an e-mail.

This was caught by my Bayesian Filter.

I have included data on a sample for your information and analysis.

1 copy has been trapped so far.

I haven’t had a chance to test it on a goat system yet.

============================================================

Details:

FileName: urso.com.suspect
FileDateTime: 02/04/2006 19:15:20
Filesize: 36864
MD5: 07ce151745b6e4afaf1539bff26f17c2
CRC32: 44E403D8
File Type: PE Executable

Scan report of: urso.com.suspect

@Proventia-VPS      -
AntiVir             -
Avast!              -
AVG                 -
BitDefender         -
ClamAV              -
Command             -
Dr Web              -
eSafe               -
eTrust-INO          -
eTrust-INO (BETA)   -
eTrust-VET          -
eTrust-VET (BETA)   -
Ewido               -
F-Prot              -
F-Secure            -
F-Secure (BETA)     -
Fortinet            -
Fortinet (BETA)     -
Ikarus              -
Kaspersky           -
McAfee              -
McAfee (BETA)       -
Nod32               -
Norman              W32/Agent.YUH
Panda               -
Panda (BETA)        -
QuickHeal           -
Sophos              -
Symantec            -
Symantec (BETA)     -
Trend Micro         -
Trend Micro (BETA)  -
VBA32               -
VirusBuster         -
YY_Spybot           -

============================================================

VS0604003 Possible new malware [Banload]

Filed under: All, Submitted

Data on a sample of a suspected new malware being spread via a link
in an e-mail.

This was caught by my Bayesian Filter.

I have included data on a sample for your information and analysis.

1 copy has been trapped so far.

I haven’t had a chance to test it on a goat system yet.

============================================================

Details:

FileName: photo.scr
FileDateTime: 07/04/2006 11:59:44
Filesize: 28160
MD5: 79bd10112c2cf60eed5d5b23fd5e27f8
CRC32: EAD038A6
File Type: PE Executable
Packer: DoomPack

Scan report of: photo.scr.suspect

@Proventia-VPS      -
AntiVir             Heuristic/Trojan.Downloader
Avast!              -
AVG                 Downloader.Generic.XAY (Trojan horse)
BitDefender         GenPack:Trojan.Downloader.Dadobra.JV
ClamAV              -
Command             -
Dr Web              Trojan.DownLoader.7316
eSafe               Trojan/Worm [100] (suspicious)
eTrust-INO          -
eTrust-INO (BETA)   -
eTrust-VET          -
eTrust-VET (BETA)   -
Ewido               -
F-Prot              -
F-Secure            Trojan-Downloader.Win32.Banload.ts
F-Secure (BETA)     Trojan-Downloader.Win32.Banload.ts
Fortinet            suspicious
Fortinet (BETA)     suspicious
Ikarus              Trojan-Downloader.Win32.Banload.TS
Kaspersky           Trojan-Downloader.Win32.Banload.ts
McAfee              -
McAfee (BETA)       -
Nod32               Win32/TrojanDownloader.Dadobra.IA trojan (variant)
Norman              W32/Downloader (Sandbox)
Panda               Suspicious file
Panda (BETA)        Suspicious file
QuickHeal           Suspicious (warning)
Sophos              -
Symantec            -
Symantec (BETA)     -
Trend Micro         TROJ_BANLOAD.ZL
Trend Micro (BETA)  TROJ_BANLOAD.ZL
VBA32               -
VirusBuster         -
YY_Spybot           Dialer_XX,,Executable

============================================================

VS0604002 Possible new malware [Bancos]

Filed under: All, Submitted

Data on a sample of a suspected new malware being spread via a link
in an e-mail.

This was caught by my Bayesian Filter.

I have included data on a sample for your information and analysis.

1 copy has been trapped so far.

I haven’t had a chance to test it on a goat system yet.

============================================================

Details:

FileName: carteiro.exe
FileDateTime: 08/04/2006 16:41:04
Filesize: 649728
MD5: 7fddcb732c8a0cdd260fb0df2d06ee09
CRC32: 11FC3EB5
File Type: PE Executable

Scan report of: carteiro.exe.suspect

@Proventia-VPS      Malicious (Cancelled)
AntiVir             TR/Spy.Banker.ark.822
Avast!              Win32:Banker-AGA [Trj]
AVG                 -
BitDefender         Trojan.Spy.Banker.ARK
ClamAV              -
Command             -
Dr Web              Trojan.PWS.Banker.based
eSafe               -
eTrust-INO          -
eTrust-INO (BETA)   -
eTrust-VET          Win32/Bancos.CXG
eTrust-VET (BETA)   Win32/Bancos.CXG
Ewido               Logger.Banker.ark
F-Prot              -
F-Secure            Trojan-Spy.Win32.Banker.ark
F-Secure (BETA)     Trojan-Spy.Win32.Banker.ark
Fortinet            -
Fortinet (BETA)     -
Ikarus              Backdoor.Win32.Ciadoor.13
Kaspersky           Trojan-Spy.Win32.Banker.ark
McAfee              -
McAfee (BETA)       -
Nod32               -
Norman              -
Panda               Trj/Banker.CNU
Panda (BETA)        Trj/Banker.CNU
QuickHeal           -
Sophos              Troj/Bnkmr-Fam
Symantec            -
Symantec (BETA)     -
Trend Micro         -
Trend Micro (BETA)  -
VBA32               Trojan-Spy.Banker.138 (suspected)
VirusBuster         -
YY_Spybot           -

============================================================

VS0604001 Possible new malware [Clagger]

Filed under: All, Submitted

Data on a sample of a suspected new malware being spread via a link
in an e-mail.

This was caught by my Bayesian Filter.

I have included data below on a sample for your information and analysis.

1 copy has been trapped so far.

I haven’t had a chance to test it on a goat system yet.

============================================================

Details:

FileName: photoalbum.exe
FileDateTime: 12/04/2006 10:52:34
Filesize: 5372
MD5: b19ccd277bacac0dfc51a44e1fa02166
CRC32: 47E7F347
File Type: PE Executable
Packer: FSG

Scan report of: photoalbum.exe

@Proventia-VPS      -
AntiVir             -
Avast!              -
AVG                 -
BitDefender         -
ClamAV              -
Command             -
Dr Web              -
eSafe               Trojan/Worm [100] (suspicious)
eTrust-INO          -
eTrust-INO (BETA)   -
eTrust-VET          Win32/Clagger!generic
eTrust-VET (BETA)   Win32/Clagger!generic
Ewido               -
F-Prot              -
F-Secure            -
F-Secure (BETA)     -
Fortinet            W32/ATM!dldr
Fortinet (BETA)     W32/ATM!dldr
Ikarus              Trojan-Downloader.Win32.Small.ckj
Kaspersky           -
McAfee              Downloader-ATM (trojan or variant)
McAfee (BETA)       Downloader-ATM (trojan or variant)
Nod32               Win32/TrojanDownloader.Small.NIH trojan (probably variant)
Norman              -
Panda               Trj/Abwiz.A
Panda (BETA)        Trj/Abwiz.A
QuickHeal           Suspicious (warning)
Sophos              -
Symantec            -
Symantec (BETA)     -
Trend Micro         PAK_Generic.001
Trend Micro (BETA)  PAK_Generic.001
VBA32               -
VirusBuster         -
YY_Spybot           -

============================================================
