VS0608003 Possible new malware [SDbot?]
Data on a sample of a suspected new malware being spread via SMB.
This was caught by my WormCharmer.
I have included data on a sample for your information and analysis.
1 copy has been trapped so far.
I haven’t had a chance to test it on a goat system yet.
============================================================
Details:
FileName: dvdafw.exe
FileDateTime: 25/08/2006 15:00:15
Filesize: 31364
MD5: f837afb65b5069e329c669e77af5ecc2
CRC32: 8E4A6561
File Type: PE Executable
============================================================
Scan report of: dvdafw.exe
@Proventia-VPS Malicious (Cancelled)
AntiVir HEUR/Trojan.Downloader
Avast! Win32:SdBot-3366 [Trj]
AVG -
BitDefender DeepScan:Generic.Malware.SIWBdld.41EACFA7
ClamAV -
Command -
Dr Web Win32.IRC.Bot.based
eSafe Win32.Polipos.sus
eTrust-INO -
eTrust-INO (BETA) -
eTrust-VET Win32/Slinbot!generic
eTrust-VET (BETA) Win32/Slinbot!generic
Ewido -
F-Prot -
F-Secure Backdoor.Win32.SdBot.gen
F-Secure (BETA) Backdoor.Win32.SdBot.gen
Fortinet suspicious
Fortinet (BETA) suspicious
Ikarus -
Kaspersky Backdoor.Win32.SdBot.gen
McAfee -
McAfee (BETA) -
Microsoft Win32/NetWorm.gen
Nod32 IRC/SdBot trojan (variant)
Norman W32/Suspicious_U.gen
Panda Suspicious file
Panda (BETA) Suspicious file
QuickHeal Suspicious (warning)
Sophos W32/Sdbot-Fam
Symantec -
Symantec (BETA) -
Trend Micro -
Trend Micro (BETA) -
UNA -
VBA32 -
VirusBuster -
WebWasher Heuristic.Trojan.Downloader
YY_Spybot -
============================================================
Please note that this blog has now moved to my own hosted domain here: http://momusings.com/vsub/.
A full RSS/ATOM feed can be found there.
All the data up to the end of December 2006 will be left here; however, all postings from the 1st of January 2007 onwards will only be available at this blog's new home.
ALL future postings will only be available at the new site.
