We've seen them as well today. It's either a new virus or a variant.
Here are the results from virustotal
AntiVir 7.2.0.25 10.10.2006 HEUR/Crypted
Authentium 4.93.8 10.10.2006 W32/[EMAIL PROTECTED]
Avast 4.7.892.0 10.10.2006 no virus found
AVG 386 10.10.2006 no virus found
BitDefender 7.2 10.10.2006 no virus found
CAT-QuickHeal 8.00 10.10.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 10.10.2006 Trojan.Haxdoor-131
eTrust-InoculateIT 23.73.18 10.10.2006 no virus found
eTrust-Vet 30.3.3125 10.10.2006 no virus found
DrWeb 4.33 10.10.2006 BackDoor.Haxdoor.359
Ewido 4.0 10.10.2006 no virus found
Fortinet 2.82.0.0 10.10.2006 suspicious
F-Prot 3.16f 10.10.2006 security risk named W32/[EMAIL PROTECTED]
F-Prot4 4.2.1.29 10.10.2006 W32/[EMAIL PROTECTED]
Ikarus 0.2.65.0 10.10.2006 Trojan-Downloader.Win32.Small.gen
Kaspersky 4.0.2.24 10.10.2006 Backdoor.Win32.Haxdoor.lf
McAfee 4870 10.10.2006 BackDoor-BAC
Microsoft 1.1603 10.10.2006 no virus found
NOD32v2 1.1796 10.10.2006 a variant of Win32/Haxdoor
Norman 5.80.02 10.10.2006 Suspicious_F.gen
Panda 9.0.0.4 10.10.2006 Suspicious file
Sophos 4.10.0 10.05.2006 no virus found
TheHacker 6.0.1.094 10.08.2006 no virus found
UNA 1.83 10.10.2006 Backdoor.Haxdoor.B43A
VBA32 3.11.1 10.10.2006 no virus found
VirusBuster 4.3.7:9 10.10.2006 no virus found
Darin.
----- Original Message -----
From: "Colbeck, Andrew" <[EMAIL PROTECTED]>
To: <declude.virus@declude.com>
Sent: Tuesday, October 10, 2006 1:31 PM
Subject: RE: [Declude.Virus] New Virus?
Sounds like a very popular eBay scam, not a virus.
Was there actually a hostile application attached?
Submit the executable to:
http://www.virustotal.com/en/indexf.html
Or:
http://virusscan.jotti.org/
I believe that both services share unknown executables with the
antivirus vendors.
Or you directly submit the executable to your preferred antivirus
vendor, usually through a web submission form, e.g.:
http://subwiz.trendmicro.com/SubWiz/Default.asp
Or:
http://www.f-prot.com/virusinfo/submission_form.html
But the vendor websites are notorious for hoarding information to get a
competitive advantage (at the expense of the customers of every other
antivirus vendor!).
Andrew 8)
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Grant Griffith
> Sent: Tuesday, October 10, 2006 10:21 AM
> To: declude.virus@declude.com
> Subject: [Declude.Virus] New Virus?
>
> Hey All
>
> Has anyone seen the email saying that you purchased a Sony
> VAIO for $2,500?
> We received a bunch of these this morning in our mailboxes
> and am trying to figure out how they made it thru the
> scanners. What is the place to send them to see if it is
> begin caught?
>
> Thanks,
> Grant Griffith
> Web Application Developer
> Enhanced Telecommunications
> http://www.etczone.com
> 812-932-1000
>
>
>
>
>
> ---
> This E-mail came from the Declude.Virus mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus". The archives can be found
> at http://www.mail-archive.com.
>
>
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
