We've seen them as well today. It's either a new virus or a variant. Here are the results from virustotal
AntiVir 7.2.0.25 10.10.2006 HEUR/Crypted Authentium 4.93.8 10.10.2006 W32/[EMAIL PROTECTED] Avast 4.7.892.0 10.10.2006 no virus found AVG 386 10.10.2006 no virus found BitDefender 7.2 10.10.2006 no virus found CAT-QuickHeal 8.00 10.10.2006 (Suspicious) - DNAScan ClamAV devel-20060426 10.10.2006 Trojan.Haxdoor-131 eTrust-InoculateIT 23.73.18 10.10.2006 no virus found eTrust-Vet 30.3.3125 10.10.2006 no virus found DrWeb 4.33 10.10.2006 BackDoor.Haxdoor.359 Ewido 4.0 10.10.2006 no virus found Fortinet 2.82.0.0 10.10.2006 suspicious F-Prot 3.16f 10.10.2006 security risk named W32/[EMAIL PROTECTED] F-Prot4 4.2.1.29 10.10.2006 W32/[EMAIL PROTECTED] Ikarus 0.2.65.0 10.10.2006 Trojan-Downloader.Win32.Small.gen Kaspersky 4.0.2.24 10.10.2006 Backdoor.Win32.Haxdoor.lf McAfee 4870 10.10.2006 BackDoor-BAC Microsoft 1.1603 10.10.2006 no virus found NOD32v2 1.1796 10.10.2006 a variant of Win32/Haxdoor Norman 5.80.02 10.10.2006 Suspicious_F.gen Panda 9.0.0.4 10.10.2006 Suspicious file Sophos 4.10.0 10.05.2006 no virus found TheHacker 6.0.1.094 10.08.2006 no virus found UNA 1.83 10.10.2006 Backdoor.Haxdoor.B43A VBA32 3.11.1 10.10.2006 no virus found VirusBuster 4.3.7:9 10.10.2006 no virus found Darin. ----- Original Message ----- From: "Colbeck, Andrew" <[EMAIL PROTECTED]> To: <declude.virus@declude.com> Sent: Tuesday, October 10, 2006 1:31 PM Subject: RE: [Declude.Virus] New Virus? Sounds like a very popular eBay scam, not a virus. Was there actually a hostile application attached? Submit the executable to: http://www.virustotal.com/en/indexf.html Or: http://virusscan.jotti.org/ I believe that both services share unknown executables with the antivirus vendors. Or you directly submit the executable to your preferred antivirus vendor, usually through a web submission form, e.g.: http://subwiz.trendmicro.com/SubWiz/Default.asp Or: http://www.f-prot.com/virusinfo/submission_form.html But the vendor websites are notorious for hoarding information to get a competitive advantage (at the expense of the customers of every other antivirus vendor!). Andrew 8) > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Grant Griffith > Sent: Tuesday, October 10, 2006 10:21 AM > To: declude.virus@declude.com > Subject: [Declude.Virus] New Virus? > > Hey All > > Has anyone seen the email saying that you purchased a Sony > VAIO for $2,500? > We received a bunch of these this morning in our mailboxes > and am trying to figure out how they made it thru the > scanners. What is the place to send them to see if it is > begin caught? > > Thanks, > Grant Griffith > Web Application Developer > Enhanced Telecommunications > http://www.etczone.com > 812-932-1000 > > > > > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > > --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.