... and here's one writeup on that new Bagle:
Andrew 8)
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Sent: Tuesday, June 20, 2006 1:17 PM
To: [email protected]
Subject: RE: [Declude.Virus] another new virus

Ditto.

F-Prot notices that the zip file is password protected and I can see that there is a very-Bagle-ish gif file of the password.

David Barker's earlier response of using:

BANEXT EZIP

in your virus.cfg will work to catch these.

I received a single copy, and it was from a likely zombie due to the reverse DNS I noted. I submitted my sample to Trend and to ClamAV.

Andrew 8)
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner
Sent: Tuesday, June 20, 2006 12:42 PM
To: [email protected]
Subject: [Declude.Virus] another new virus

I just started receiving copies of a new virus that F-Prot flags, but with the descriptive label of "Unknown" (at least out of Declude). The messages are all around 86k in size, and contain a gif and an encrypted zip file. It pretends to be sending you a password for some unnamed account.
Following is what VirusTotal says:
Antivirus            Version         Update      Result
AntiVir              6.35.0.13       06.20.2006  no virus found
Authentium           4.93.8          06.20.2006  Not scanned (encrypted)
Avast                4.7.844.0       06.20.2006  no virus found
AVG                  386             06.20.2006  no virus found
BitDefender          7.2             06.20.2006  no virus found
CAT-QuickHeal        8.00            06.20.2006  no virus found
ClamAV               devel-20060426  06.20.2006  no virus found
DrWeb                4.33            06.20.2006  no virus found
eTrust-InoculateIT   23.72.43        06.20.2006  no virus found
eTrust-Vet           12.6.2265       06.20.2006  no virus found
Ewido                3.5             06.20.2006  no virus found
Fortinet             2.77.0.0        06.20.2006  no virus found
F-Prot               3.16f           06.20.2006  suspicious
Ikarus               0.2.65.0        06.20.2006  no virus found
Kaspersky            4.0.2.24        06.20.2006  no virus found
McAfee               4788            06.20.2006  no virus found
Microsoft            1.1441          06.20.2006  password protected
NOD32v2              1.1611          06.20.2006  error - password-protected file
Norman               5.90.21         06.20.2006  Mitglied.gen
Panda                9.0.0.4         06.20.2006  no virus found
Sophos               4.06.0          06.20.2006  no virus found
Symantec             8.0             06.20.2006  no virus found
TheHacker            5.9.8.162       06.20.2006  no virus found
UNA                  1.83            06.20.2006  no virus found
VBA32                3.11.0          06.20.2006  no virus found
VirusBuster          4.3.7:9         06.20.2006  I-Worm.Bagle.ZIP.Gen
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
