VS0609001 Possible new malware
Data on a sample of a suspected new malware being spread via a
website link in a phishing e-mail.
This was caught by my Bayesian filter.
I have included data on a sample for your information and analysis.
1 copy has been trapped so far.
I haven’t had a chance to test it on a goat system yet.
============================================================
Details:
FileName: ghost11.exe
FileDateTime: 23/09/2006 20:43:03
Filesize: 20812
MD5: c9c11bfc6e455c5e5ed9fbbdd0582d3b
CRC32: A22C5684
File Type: PE Executable
Packer: FSG
============================================================
Scan report of: ghost11.exe
@Proventia-VPS Malicious (Cancelled)
AntiVir -
Avast! -
AVG -
BitDefender DeepScan:Generic.Malware.SYw.BAA446B2
ClamAV -
Command -
Dr Web -
eSafe Trojan/Worm [100] (suspicious)
eTrust-INO -
eTrust-INO (BETA) -
eTrust-VET -
eTrust-VET (BETA) -
Ewido -
F-Prot -
F-Secure -
F-Secure (BETA) -
Fortinet suspicious
Fortinet (BETA) suspicious
Ikarus suspicious
Kaspersky -
McAfee -
McAfee (BETA) -
Microsoft -
Nod32 NewHeur_PE (probably unknown virus)
Norman Suspicious_F.gen
Panda Suspicious file
Panda (BETA) Suspicious file
QuickHeal Suspicious (warning)
Rising -
Sophos -
Symantec -
Symantec (BETA) -
Trend Micro -
Trend Micro (BETA) -
UNA -
VBA32 Malware.Agent.41 (suspected)
VirusBuster -
WebWasher Heuristic.Crypted
YY_Spybot -
============================================================
Please note that this blog has now moved to my own hosted domain here: http://momusings.com/vsub/.
A full RSS/ATOM feed can be found there.
All the data up to the end of December 2006 will be left here, however all postings from the 1st of January 2007 onwards will only be available at this blogs new home.
ALL future postings will only be available at the new site.
