VS0610001 Possible new malware [Agent?]
Data on a sample of suspected new malware being spread via IM [MSN]
using a website link in the message.
The link uses a PHP script to download a file.
This was caught by an end-user.
I have included data on a sample for your information and analysis.
1 copy has been trapped so far.
I haven’t had a chance to test it on a goat system yet.
============================================================
Details:
FileName: photo211.pif
FileDateTime: 03/10/2006 17:03:30
Filesize: 137216
MD5: 50f685141c9252a13ece1febd372e491
CRC32: B2851914
File Type: PE Executable
============================================================
Scan report of: photo211.pif
@Proventia-VPS Malicious (Cancelled)
AntiVir -
Avast! Win32:Agent-BNP [Trj]
AVG -
BitDefender -
ClamAV -
Command -
Dr Web -
eSafe Trojan/Worm [100] (suspicious)
eTrust-INO -
eTrust-INO (BETA) -
eTrust-VET -
eTrust-VET (BETA) -
Ewido -
F-Prot -
F-Secure -
F-Secure (BETA) -
Fortinet -
Fortinet (BETA) -
Ikarus -
Kaspersky -
McAfee -
McAfee (BETA) -
Microsoft -
Nod32 -
Norman -
Panda -
Panda (BETA) -
QuickHeal Suspicious (warning)
Rising -
Sophos -
Symantec -
Symantec (BETA) -
Trend Micro -
Trend Micro (BETA) -
UNA -
VBA32 -
VirusBuster -
WebWasher Worm.Win32.Malware.gen (suspicious)
YY_Spybot -
============================================================
