VSUB - Malware Submissions

Details on a sample of a suspected new malware being spread via a link
in an e-mail.

This was caught by my Bayesian Filter.

I have included data on a sample for your information and analysis.

1 copy has been trapped so far.

I haven’t had a chance to test it on a goat system yet.

============================================================

Details:

FileName: photoalbum.exe
FileDateTime: 23/05/2006 17:38:18
Filesize: 9472
MD5: 2d081ffa3e7220b02c950809aa7f2f10
CRC32: F3990804
File Type: PE Executable
Packer: FSG

============================================================

Scan report of: photoalbum.exe

@Proventia-VPS -
AntiVir TR/Dldr.Avangt.A.2
Avast! -
AVG -
BitDefender -
ClamAV -
Command -
Dr Web -
eSafe Trojan/Worm [100] (suspicious)
eTrust-INO -
eTrust-INO (BETA) -
eTrust-VET -
eTrust-VET (BETA) -
Ewido -
F-Prot -
F-Secure -
F-Secure (BETA) -
Fortinet suspicious
Fortinet (BETA) Dloader.U!tr
Ikarus Trojan-Downloader.Win32.Harnig.bl
Kaspersky -
McAfee Generic Downloader.u trojan
McAfee (BETA) Generic Downloader.u trojan
Microsoft -
Nod32 -
Norman -
Panda Suspicious file
Panda (BETA) Suspicious file
QuickHeal Suspicious (warning)
Sophos -
Symantec -
Symantec (BETA) -
Trend Micro -
Trend Micro (BETA) -
VBA32 -
VirusBuster -
YY_Spybot Smitfraud-C.,,Executable

============================================================

Data on a sample of a suspected new malware being spread via a link
in an e-mail.

This was caught by an end user.

I have included data on a sample for your information and analysis.

1 copy has been trapped so far.

I haven’t had a chance to test it on a goat system yet.

============================================================

Details:

FileName: Confirmation_Sheet.pif
FileDateTime: 23/05/2006 15:22:26
Filesize: 105472
MD5: f86115cd2ade54cdcfdbeb9037f98c43
CRC32: 44742219
File Type: PE Executable

============================================================

Scan report of: Confirmation_Sheet.pif

@Proventia-VPS -
AntiVir Worm/IRCBo.112640.1
Avast! Win32:Mytob-QG [Wrm]
AVG -
BitDefender Win32.Worm.MyTob.GF
ClamAV -
Command -
Dr Web -
eSafe Win32.Polipos.sus
eTrust-INO -
eTrust-INO (BETA) -
eTrust-VET Win32/Mytob.MR
eTrust-VET (BETA) Win32/Mytob.MR
Ewido -
F-Prot -
F-Secure -
F-Secure (BETA) -
Fortinet suspicious
Fortinet (BETA) suspicious
Ikarus Backdoor.Win32.ProRat.AE
Kaspersky Net-Worm.Win32.Mytob.ep
McAfee -
McAfee (BETA) -
Microsoft -
Nod32 -
Norman -
Panda Suspicious file
Panda (BETA) Suspicious file
QuickHeal Suspicious (warning)
Sophos W32/Mytob-HW
Symantec -
Symantec (BETA) W32.Mytob.PP@mm
Trend Micro -
Trend Micro (BETA) -
VBA32 -
VirusBuster -
YY_Spybot -

============================================================

Data on a sample of a suspected new malware being spread via a link
in an e-mail.

This was caught by an end user.

I have included data on a sample for your information and analysis.

1 copy has been trapped so far.

I haven’t had a chance to test it on a goat system yet.

============================================================

Details:

FileName: Confirmation_Sheet.pif
FileDateTime: 23/05/2006 15:10:08
Filesize: 104448
MD5: 04c8947f68c3e9b616fb544a50fa2ffc
CRC32: B0B85EAA
File Type: PE Executable

============================================================

Scan report of: Confirmation_Sheet.pif

@Proventia-VPS -
AntiVir Worm/IRCBo.112640.1
Avast! Win32:Mytob-QG [Wrm]
AVG -
BitDefender -
ClamAV -
Command -
Dr Web -
eSafe Win32.Polipos.sus
eTrust-INO -
eTrust-INO (BETA) -
eTrust-VET -
eTrust-VET (BETA) -
Ewido -
F-Prot -
F-Secure -
F-Secure (BETA) -
Fortinet suspicious
Fortinet (BETA) suspicious
Ikarus Backdoor.Win32.ProRat.AE
Kaspersky -
McAfee -
McAfee (BETA) -
Microsoft -
Nod32 -
Norman -
Panda -
Panda (BETA) -
QuickHeal Suspicious (warning)
Sophos -
Symantec -
Symantec (BETA) -
Trend Micro -
Trend Micro (BETA) -
VBA32 -
VirusBuster -
YY_Spybot -

============================================================