#1
Guest
Posts: n/a
Latest gimmick in malware dispersal?
Finally stopped (in the last 24 hours anyway) getting the greeting card e-mails, but now I'm getting "new login" e-mails that request you download software to change your user ID to various sites.

Here's a munged one - remove the x's in the IP address if you care to visit and see what malware is trying to make the rounds.

http://xx74.xx36.xx219.xx105/
#2
Guest
Posts: n/a
Re: Latest gimmick in malware dispersal?
On Tue, 21 Aug 2007 14:05:53 -0000, Duh_OZ <ozzy.kopec@gmail.com> wrote:

> Finally stopped (in the last 24 hours anyway) getting the greeting
> card e-mails, but now I'm getting "new login" e-mails that request you
> download software to change your user ID to various sites.
>
> Here's a munged one - remove the x's in the IP address if you care to
> visit and see what malware is trying to make the rounds.
>
> http://xx74.xx36.xx219.xx105/

Storm

http://isc.sans.org/diary.html?storyid=3298
http://www.f-secure.com/weblog/archi....html#00001255

--
Clay mania dot com
#3
Guest
Posts: n/a
Re: Latest gimmick in malware dispersal?
On Tue, 21 Aug 2007 10:05:53 -0400, Duh_OZ <ozzy.kopec@gmail.com> wrote:

> Here's a munged one - remove the x's in the IP address if you care to
> visit and see what malware is trying to make the rounds.

From virustotal ...

File applet.exe received on 08.21.2007 18:12:41 (CET)
Current status: finished
Result: 14/32 (43.75%)

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2007.8.22.0 | 2007.08.21 | - |
| AntiVir | 7.4.1.62 | 2007.08.21 | WORM/Zhelatin.Gen |
| Authentium | 4.93.8 | 2007.08.20 | Possibly a new variant of W32/Fathom.1-based!Maximus |
| Avast | 4.7.1029.0 | 2007.08.20 | - |
| AVG | 7.5.0.484 | 2007.08.20 | Downloader.Tibs.7.D |
| BitDefender | 7.2 | 2007.08.21 | - |
| CAT-QuickHeal | 9.00 | 2007.08.21 | (Suspicious) - DNAScan |
| ClamAV | 0.91 | 2007.08.21 | Fathom |
| DrWeb | 4.33 | 2007.08.21 | Trojan.Packed.142 |
| eSafe | 7.0.15.0 | 2007.08.20 | Suspicious Trojan/Worm |
| eTrust-Vet | 31.1.5076 | 2007.08.21 | Win32/Sintun.AC |
| Ewido | 4.0 | 2007.08.21 | - |
| FileAdvisor | 1 | 2007.08.21 | - |
| Fortinet | 2.91.0.0 | 2007.08.21 | - |
| F-Prot | 4.3.2.48 | 2007.08.20 | W32/Fathom.1-based!Maximus |
| F-Secure | 6.70.13030.0 | 2007.08.21 | - |
| Ikarus | T3.1.1.12 | 2007.08.21 | - |
| Kaspersky | 4.0.2.24 | 2007.08.21 | - |
| McAfee | 5101 | 2007.08.20 | - |
| Microsoft | 1.2803 | 2007.08.21 | - |
| NOD32v2 | 2473 | 2007.08.21 | - |
| Norman | 5.80.02 | 2007.08.21 | - |
| Panda | 9.0.0.4 | 2007.08.21 | - |
| Prevx1 | V2 | 2007.08.21 | - |
| Rising | 19.37.12.00 | 2007.08.21 | - |
| Sophos | 4.20.0 | 2007.08.21 | Mal/Dorf-E |
| Sunbelt | 2.2.907.0 | 2007.08.21 | VIPRE.Suspicious |
| Symantec | 10 | 2007.08.21 | Trojan.Packed.13 |
| TheHacker | 6.1.8.171 | 2007.08.21 | - |
| VBA32 | 3.12.2.2 | 2007.08.21 | MalwareScope.Worm.Nuwar-Glowa.1 |
| VirusBuster | 4.3.26:9 | 2007.08.21 | - |
| Webwasher-Gateway | 6.0.1 | 2007.08.21 | Worm.Zhelatin.Gen |

Additional information
File size: 114666 bytes
MD5: fef238a7164d7a902e1285554e6d1708
SHA1: c0c853edf099cce5f224e21de3ded0e40feb43dc
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

--
Change nomail.afraid.org to ody.ca to reply by email. (nomail.afraid.org has been set up specifically for use in usenet. Feel free to use it yourself.)
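The two defensive checks this thread suggests, as an added example that is not code from any poster: flag mail whose body links to a bare-IP host and whose subject or body carries one of the lure themes named above ("new login", "re-register", greeting cards), and match any attachment against the MD5/SHA1 posted from VirusTotal. The two sample messages are constructed for the example (192.0.2.10 is a reserved documentation address, not the IP from the thread); the hashes in `KNOWN_BAD` are the ones quoted in post #3; the function names, phrase list and verdict levels are this example's own.

```python
"""Triage a mail message for the bare-IP "new login" lure and for known-bad
attachment hashes. Added example; not from the thread."""
import hashlib
import re
from email import message_from_string

# IoCs as quoted in post #3 (VirusTotal report on applet.exe).
KNOWN_BAD = {
    "md5": {"fef238a7164d7a902e1285554e6d1708"},
    "sha1": {"c0c853edf099cce5f224e21de3ded0e40feb43dc"},
}

# Lure themes named in the thread; the list itself is an assumption of this example.
LURE_PHRASES = ("new login", "re-register", "greeting card", "user id")

# http(s) URL whose host is a dotted quad rather than a name.
BARE_IP_URL = re.compile(
    r"https?://(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?(?:/\S*)?", re.IGNORECASE)


def bare_ip_links(text):
    """Return the dotted-quad hosts of every http(s) URL in text, octets validated."""
    hosts = []
    for m in BARE_IP_URL.finditer(text):
        host = m.group(1)
        if all(0 <= int(octet) <= 255 for octet in host.split(".")):
            hosts.append(host)
    return hosts


def lure_phrases(text):
    """Return the lure phrases present in text (case-insensitive, list order)."""
    low = text.lower()
    return [p for p in LURE_PHRASES if p in low]


def is_known_hash(hexdigest):
    """Case-normalised lookup of an MD5 or SHA1 hex digest in the IoC set."""
    h = hexdigest.strip().lower()
    return h in KNOWN_BAD["md5"] or h in KNOWN_BAD["sha1"]


def hash_hits(data):
    """Hash attachment bytes and report whether MD5 or SHA1 matches the IoCs."""
    return {
        "md5": hashlib.md5(data).hexdigest() in KNOWN_BAD["md5"],
        "sha1": hashlib.sha1(data).hexdigest() in KNOWN_BAD["sha1"],
    }


def triage(raw):
    """Parse an RFC 822 message and return indicators plus a verdict."""
    msg = message_from_string(raw)
    body_parts, attachments = [], []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        if part.get_filename():
            attachments.append((part.get_filename(), part.get_payload(decode=True) or b""))
        elif part.get_content_type() == "text/plain":
            body_parts.append(part.get_payload(decode=True).decode("utf-8", "replace"))
    body = "\n".join(body_parts)
    subject = msg.get("Subject", "")
    ips = bare_ip_links(body)
    phrases = lure_phrases(subject + "\n" + body)
    ioc_hits = [name for name, data in attachments if any(hash_hits(data).values())]
    if ioc_hits or (ips and phrases):
        verdict = "quarantine"
    elif ips or phrases:
        verdict = "review"
    else:
        verdict = "pass"
    return {"subject": subject, "bare_ip_hosts": ips, "lure_phrases": phrases,
            "ioc_attachments": ioc_hits, "verdict": verdict}


# Constructed samples (not messages from the thread).
SAMPLE_LURE = """\
From: support@example.invalid
To: user@example.invalid
Subject: New login: confirm your user ID
Content-Type: text/plain; charset=utf-8

Your user ID must be changed. Download the login update from
http://192.0.2.10/applet.exe to continue using the site.
"""

SAMPLE_BENIGN = """\
From: alice@example.invalid
To: bob@example.invalid
Subject: Lunch tomorrow?
Content-Type: text/plain; charset=utf-8

Usual place at noon? https://www.example.invalid/menu
"""

if __name__ == "__main__":
    for raw in (SAMPLE_LURE, SAMPLE_BENIGN):
        print(triage(raw))
```

A bare-IP link on its own only earns "review": plenty of legitimate intranet mail links to raw addresses, and the thread's own point is the combination of a credential-themed pretext with a download from an anonymous host. Hash matching is case-normalised because reports paste digests in either case.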
#4
Guest
Posts: n/a
Re: Latest gimmick in malware dispersal?
On Tue, 21 Aug 2007 12:30:36 -0400, "David W. Hodgins" <dwhodgins@nomail.afraid.org> wrote:

> On Tue, 21 Aug 2007 10:05:53 -0400, Duh_OZ <ozzy.kopec@gmail.com> wrote:
>
>> Here's a munged one - remove the x's in the IP address if you care to
>> visit and see what malware is trying to make the rounds.
>
> From virustotal ...
>
> File applet.exe received on 08.21.2007 18:12:41 (CET)
> Current status: finished
> Result: 14/32 (43.75%)
>
> Antivirus Version Last Update Result
> AhnLab-V3 2007.8.22.0 2007.08.21 -
> AntiVir 7.4.1.62 2007.08.21 WORM/Zhelatin.Gen
> Authentium 4.93.8 2007.08.20 Possibly a new variant of W32/Fathom.1-based!Maximus
> Avast 4.7.1029.0 2007.08.20 -
> AVG 7.5.0.484 2007.08.20 Downloader.Tibs.7.D
> BitDefender 7.2 2007.08.21 -
> CAT-QuickHeal 9.00 2007.08.21 (Suspicious) - DNAScan
> ClamAV 0.91 2007.08.21 Fathom
> DrWeb 4.33 2007.08.21 Trojan.Packed.142
> eSafe 7.0.15.0 2007.08.20 Suspicious Trojan/Worm
> eTrust-Vet 31.1.5076 2007.08.21 Win32/Sintun.AC
> Ewido 4.0 2007.08.21 -
> FileAdvisor 1 2007.08.21 -
> Fortinet 2.91.0.0 2007.08.21 -
> F-Prot 4.3.2.48 2007.08.20 W32/Fathom.1-based!Maximus
> F-Secure 6.70.13030.0 2007.08.21 -
> Ikarus T3.1.1.12 2007.08.21 -
> Kaspersky 4.0.2.24 2007.08.21 -
> McAfee 5101 2007.08.20 -
> Microsoft 1.2803 2007.08.21 -
> NOD32v2 2473 2007.08.21 -
> Norman 5.80.02 2007.08.21 -
> Panda 9.0.0.4 2007.08.21 -
> Prevx1 V2 2007.08.21 -
> Rising 19.37.12.00 2007.08.21 -
> Sophos 4.20.0 2007.08.21 Mal/Dorf-E
> Sunbelt 2.2.907.0 2007.08.21 VIPRE.Suspicious
> Symantec 10 2007.08.21 Trojan.Packed.13
> TheHacker 6.1.8.171 2007.08.21 -
> VBA32 3.12.2.2 2007.08.21 MalwareScope.Worm.Nuwar-Glowa.1
> VirusBuster 4.3.26:9 2007.08.21 -
> Webwasher-Gateway 6.0.1 2007.08.21 Worm.Zhelatin.Gen
>
> Additional information
> File size: 114666 bytes
> MD5: fef238a7164d7a902e1285554e6d1708
> SHA1: c0c853edf099cce5f224e21de3ded0e40feb43dc
> Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that
> are deemed suspicious through heuristics.

From jotti ........

A-Squared Found nothing
AntiVir Found WORM/Zhelatin.Gen
ArcaVir Found Trojan.W32.Lager.Dr47
Avast Found Win32:Zhelatin-ANZ
AVG Antivirus Found Downloader.Tibs.7.D
BitDefender Found DeepScan:Generic.Malware.FMPH@mmign.B93F3761
ClamAV Found Fathom
CPsecure Found nothing
Dr.Web Found Trojan.Packed.142
F-Prot Found Possibly a new variant of W32/Fathom.2-based!Maximus
F-Secure Found nothing
Fortinet Found nothing
Kaspersky Found Email-Worm.Win32.Zhelatin.hc
NOD32 Found Win32/Nuwar.Gen
Norman Virus Control Found nothing
Panda Found nothing
Rising Antivirus Found nothing
Sophos Found Mal/Dorf-E
VirusBuster Found nothing
VBA32 Found MalwareScope.Worm.Nuwar-Glowa.1

Art
#5
Guest
Posts: n/a
Re: Latest gimmick in malware dispersal?
Thanks guys. You would think getting bombarded with different 'please re-register' or whatever would kind of defeat the purpose of getting folks to download the malware :0)
#6
Guest
Posts: n/a
Re: Latest gimmick in malware dispersal?
Duh_OZ wrote:

> Finally stopped (in the last 24 hours anyway) getting the greeting
> card e-mails, but now I'm getting "new login" e-mails that request you
> download software to change your user ID to various sites.
>
> Here's a munged one - remove the x's in the IP address if you care to
> visit and see what malware is trying to make the rounds.
>
> http://xx74.xx36.xx219.xx105/

Why do you not just ignore the crap?
#7
Guest
Posts: n/a
Re: Latest gimmick in malware dispersal?
On Aug 21, 9:05 am, Duh_OZ <ozzy.ko...@gmail.com> wrote:

> Finally stopped (in the last 24 hours anyway) getting the greeting
> card e-mails, but now I'm getting "new login" e-mails that request you
> download software to change your user ID to various sites.
>
> Here's a munged one - remove the x's in the IP address if you care to
> visit and see what malware is trying to make the rounds.
>
> http://xx74.xx36.xx219.xx105/

=========

Seems that phony youtube 'hooks' are the newest gimmick.