ClamAV calls it Trojan.JS.Runme. My update for it came at 3 PM EDT today.
From ClamAV Update list:
Submission: 5025-web, 5026-web, 5027-web, 5028-web, 5029-web, 5030-web, 5043-web, 5044-web,
5045-web, 5046-web, 5047-web, 5048-web
Sender: James Stevens, Bill Landry, Henning Spjelkavik, Melanie Dussiaume, Roman Scheucher, Gunter
Mintzel, Mike Watterson, Martin, Rob Kudyba, wojciech myszka, Philip Corliss, Kevin Way
Virus: unknown, JS/IllWill (McAfee), JS.Dword.dropper (Bitdefender), JScript/IE.VM.Exploit (Inoculate)
Alias: TR/RunMe.Dldr.1 (Hbedv)
Added: Trojan.JS.RunMe
Added: Trojan.RunMe
Note: The name may change.
Note: There are more submissions with this; at the moment I'm publishing just some of them.
-Mike
Jonathan Grotegut wrote:
(In regards to new_price.zip file attachment)
Anyone have any idea what this is, we had some clients just get pretty hard with this email. I am unable to find anything on it, from my VERY Limited knowledge it appears to be a virus exploiting one of the many holes in IE. Anyone else see anything on this yet?
Jonathan Grotegut
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
