VS0605001 Possible new malware [Ardamax]
Data on a sample of a suspected new malware being spread via a link
in an e-mail.
This was caught by my Bayesian Filter.
This appears to be a spam run as I’ve received around a dozen e-mails
linking to the download site. All the e-mails have been received at
different addresses.
I have included data on a sample for your information and analysis.
1 copy has been trapped so far.
I haven’t had a chance to test it on a goat system yet.
============================================================
Details:
FileName: client.zip
FileDateTime: 09/05/2006 08:55:36
Filesize: 405562
MD5: ec17dd260473be369e2daa0b3de63a16
CRC32: 8FBCF18C
File Type: ZIP Archive File
Contains:-
FileName: PuTTy.exe
FileDateTime: 08/05/2006 23:32:46
Filesize: 413816
MD5: a4070bc5d859111320de6478c3c195ca
CRC32: 72785A3F
File Type: PE Executable
============================================================
Scan report of: PuTTy.exe
@Proventia-VPS      -
AntiVir             -
Avast!              -
AVG                 -
BitDefender         -
ClamAV              -
Command             -
Dr Web              Program.Ardamax
eSafe               -
eTrust-INO          -
eTrust-INO (BETA)   -
eTrust-VET          -
eTrust-VET (BETA)   -
Ewido               Not-A-Virus.Monitor.Win32.Ardamax.k
F-Prot              -
F-Secure            -
F-Secure (BETA)     -
Fortinet            -
Fortinet (BETA)     -
Ikarus              Monitor.Win32.Ardamax.k
Kaspersky           not-a-virus:Monitor.Win32.Ardamax.k
McAfee              -
McAfee (BETA)       -
Microsoft           -
Nod32               -
Norman              W32/Ardamax.ACK
Panda               Application/Ardamax
Panda (BETA)        Application/Ardamax
QuickHeal           -
Sophos              -
Symantec            -
Symantec (BETA)     -
Trend Micro         -
Trend Micro (BETA)  -
VBA32               Trojan-Dropper.VB.22 (suspected)
VirusBuster         -
YY_Spybot           -
============================================================
