VS0607002 Possible new malware [Downloader?]
Data on a sample of a suspected new malware being spread via a link
in an e-mail.
This was caught by my Bayesian Filter.
I have included data on a sample of the executable downloaded from the link in
the e-mail for your information and analysis.
1 copy has been trapped so far.
I haven’t had a chance to test it on a goat system yet.
============================================================
Details:
FileName: fotos.cmd
FileDateTime: 19/07/2006 08:52:53
Filesize: 147988
MD5: bd958c2d06fc9a7456bfa6c8c67218d1
CRC32: E042FADB
File Type: PE Executable
============================================================
Scan report of: fotos.cmd
@Proventia-VPS      -
AntiVir             HEUR/Crypted.Layered.B
Avast!              -
AVG                 Downloader.Generic2.FEW (Trojan horse)
BitDefender         BehavesLike:Trojan.Downloader (suspected)
ClamAV              -
Command             -
Dr Web              -
eSafe               Trojan/Worm [100] (suspicious)
eTrust-INO          -
eTrust-INO (BETA)   -
eTrust-VET          -
eTrust-VET (BETA)   -
Ewido               Downloader.Delf.apx
F-Prot              -
F-Secure            Trojan-Downloader.Win32.Delf.apx
F-Secure (BETA)     Trojan-Downloader.Win32.Delf.apx
Fortinet            W32/Delf.APX!tr.dldr
Fortinet (BETA)     W32/Delf.APX!tr.dldr
Ikarus              -
Kaspersky           Trojan-Downloader.Win32.Delf.apx
McAfee              -
McAfee (BETA)       -
Microsoft           -
Nod32               -
Norman              W32/Suspicious_U.gen
Panda               Suspicious file
Panda (BETA)        Suspicious file
QuickHeal           Suspicious (warning)
Sophos              -
Symantec            -
Symantec (BETA)     -
Trend Micro         -
Trend Micro (BETA)  -
UNA                 -
VBA32               -
VirusBuster         -
WebWasher           Heuristic.Crypted.Layered.B
YY_Spybot           -
============================================================
