VS0610003 Possible new malware [Mechbot?]
Data on a sample of a suspected new malware being spread via e-mail
using a website link in the e-mail.
This was caught by an end-user.
I have included data on a sample for your information and analysis.
2 copies have been trapped so far.
I haven’t had a chance to test it on a goat system yet.
============================================================
Details:
FileName: postcards.exe
FileDateTime: 26/10/2006 11:52:45
Filesize: 647943
MD5: 71d2dc1e6fb0ae9f54ca40ef4220ab28
CRC32: 8ABFA1EC
File Type: PE Executable RAR
Packer: UPX
============================================================
Scan report of: postcards.exe
@Proventia-VPS      -
AntiVir             -
Avast!              Win32:Mechbot [Trj]
AVG                 BackDoor.Generic2.CGZ (Trojan horse)
BitDefender         Application.Vtext.12
ClamAV              -
Command             -
Dr Web              BackDoor.IRC.Mech
eSafe               Win32.Mechbot.d
eTrust-INO          -
eTrust-INO (BETA)   -
eTrust-VET          -
eTrust-VET (BETA)   -
Ewido               -
F-Prot              -
F-Secure            Backdoor.Win32.Mechbot.d
F-Secure (BETA)     Backdoor.Win32.Mechbot.d
Fortinet            suspicious
Fortinet (BETA)     suspicious
Ikarus              -
Kaspersky           Backdoor.Win32.Mechbot.d
McAfee              VText.12 (potentially unwanted program)
McAfee (BETA)       VText.12 (potentially unwanted program)
Microsoft           Backdoor:Win32/IRCbot!E2AB
Nod32               -
Norman              -
Panda               W32/IRCBot.PN.worm
Panda (BETA)        W32/IRCBot.PN.worm
QuickHeal           -
Rising              Backdoor.Mechbot.a
Sophos              -
Symantec            -
Symantec (BETA)     -
Trend Micro         -
Trend Micro (BETA)  -
UNA                 -
VBA32               Backdoor.Win32.Mechbot.d
VirusBuster         -
WebWasher           Worm.Ircbot.PN
YY_Spybot           ERROR
============================================================
