VS0605004 Possible new malware [Mytob]
Data on a sample of a suspected new malware being spread via a link
in an e-mail.
This was caught by an end user.
I have included data on a sample for your information and analysis.
1 copy has been trapped so far.
I haven’t had a chance to test it on a goat system yet.
============================================================
Details:
FileName: Confirmation_Sheet.pif
FileDateTime: 23/05/2006 15:22:26
Filesize: 105472
MD5: f86115cd2ade54cdcfdbeb9037f98c43
CRC32: 44742219
File Type: PE Executable
============================================================
Scan report of: Confirmation_Sheet.pif
@Proventia-VPS -
AntiVir Worm/IRCBo.112640.1
Avast! Win32:Mytob-QG [Wrm]
AVG -
BitDefender Win32.Worm.MyTob.GF
ClamAV -
Command -
Dr Web -
eSafe Win32.Polipos.sus
eTrust-INO -
eTrust-INO (BETA) -
eTrust-VET Win32/Mytob.MR
eTrust-VET (BETA) Win32/Mytob.MR
Ewido -
F-Prot -
F-Secure -
F-Secure (BETA) -
Fortinet suspicious
Fortinet (BETA) suspicious
Ikarus Backdoor.Win32.ProRat.AE
Kaspersky Net-Worm.Win32.Mytob.ep
McAfee -
McAfee (BETA) -
Microsoft -
Nod32 -
Norman -
Panda Suspicious file
Panda (BETA) Suspicious file
QuickHeal Suspicious (warning)
Sophos W32/Mytob-HW
Symantec -
Symantec (BETA) W32.Mytob.PP@mm
Trend Micro -
Trend Micro (BETA) -
VBA32 -
VirusBuster -
YY_Spybot -
============================================================
Please note that this blog has now moved to my own hosted domain here: http://momusings.com/vsub/.
A full RSS/ATOM feed can be found there.
All the data up to the end of December 2006 will be left here, however all postings from the 1st of January 2007 onwards will only be available at this blogs new home.
ALL future postings will only be available at the new site.
