Ditto.
 
F-Prot notices that the zip file is password protected and I can see that there is a very-Bagle-ish gif file of the password.
 
David Barker's earlier response of using:
 
BANEXT    EZIP
 
in your virus.cfg will work to catch these.
 
I received a single copy, and it was from a likely zombie due to the reverse DNS I noted.  I submitted my sample to Trend and to ClamAV.
 
Andrew 8)
 
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner
Sent: Tuesday, June 20, 2006 12:42 PM
To: [email protected]
Subject: [Declude.Virus] another new virus

I just started receiving copies of a new virus that F-Prot flags, but with the descriptive label of "Unknown" (at least out of Declude).  The messages are all around 86k in size, and contain a gif and an encrypted zip file.  It pretends to be sending you a password for some unnamed account.

Following is what VirusTotal says:

Antivirus           Version         Update      Result
AntiVir             6.35.0.13       06.20.2006  no virus found
Authentium          4.93.8          06.20.2006  Not scanned (encrypted)
Avast               4.7.844.0       06.20.2006  no virus found
AVG                 386             06.20.2006  no virus found
BitDefender         7.2             06.20.2006  no virus found
CAT-QuickHeal       8.00            06.20.2006  no virus found
ClamAV              devel-20060426  06.20.2006  no virus found
DrWeb               4.33            06.20.2006  no virus found
eTrust-InoculateIT  23.72.43        06.20.2006  no virus found
eTrust-Vet          12.6.2265       06.20.2006  no virus found
Ewido               3.5             06.20.2006  no virus found
Fortinet            2.77.0.0        06.20.2006  no virus found
F-Prot              3.16f           06.20.2006  suspicious
Ikarus              0.2.65.0        06.20.2006  no virus found
Kaspersky           4.0.2.24        06.20.2006  no virus found
McAfee              4788            06.20.2006  no virus found
Microsoft           1.1441          06.20.2006  password protected
NOD32v2             1.1611          06.20.2006  error - password-protected file
Norman              5.90.21         06.20.2006  Mitglied.gen
Panda               9.0.0.4         06.20.2006  no virus found
Sophos              4.06.0          06.20.2006  no virus found
Symantec            8.0             06.20.2006  no virus found
TheHacker           5.9.8.162       06.20.2006  no virus found
UNA                 1.83            06.20.2006  no virus found
VBA32               3.11.0          06.20.2006  no virus found
VirusBuster         4.3.7:9         06.20.2006  I-Worm.Bagle.ZIP.Gen




---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
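
Added example (not part of the original messages, and not Declude's or F-Prot's code): one way a mail gateway can recognise the password-protected ZIP attachments discussed in this thread, by reading the encryption bit in each ZIP entry's general-purpose flags instead of trusting the file extension. The function names, the file names and the sample message are constructed for illustration.

```python
import io
import struct
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ENCRYPTED = 0x1  # bit 0 of the ZIP general-purpose flag marks an encrypted entry


def encrypted_zip_attachments(raw_message: bytes) -> list[str]:
    """Return filenames of ZIP attachments that contain any encrypted entry."""
    hits = []
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if not payload.startswith(b"PK\x03\x04"):  # go by content, not extension
            continue
        name = part.get_filename() or "(unnamed)"
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                if any(info.flag_bits & ENCRYPTED for info in zf.infolist()):
                    hits.append(name)
        except zipfile.BadZipFile:
            hits.append(name)  # assumption: an unparseable archive is held as well
    return hits


def build_sample(encrypted: bool) -> bytes:
    """Constructed sample: a message with a GIF and a ZIP, as the thread describes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("readme.txt", b"constructed placeholder content")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Set the flag in the local header (offset 6) and the central directory
        # header (offset 8); the stored data itself is left untouched.
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = data.index(sig) + off
            flags, = struct.unpack_from("<H", data, pos)
            struct.pack_into("<H", data, pos, flags | ENCRYPTED)
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body")
    msg.add_attachment(b"GIF89a", maintype="image", subtype="gif", filename="pw.gif")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip", filename="doc.zip")
    return msg.as_bytes()
```

A gateway would quarantine or hold any message for which encrypted_zip_attachments() returns a non-empty list, since the scanner cannot inspect the archive's contents.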
