Latest gimmick in malware dispersal?


Duh_OZ

Finally stopped (in the last 24 hours anyway) getting the greeting
card e-mails, but now I'm getting "new login" e-mails that request you
download software to change your user ID to various sites.

Here's a munged one - remove the x's in the IP address if you care to
visit and see what malware is trying to make the rounds.

http://xx74.xx36.xx219.xx105/
 
From virustotal ...

File applet.exe received on 08.21.2007 18:12:41 (CET)
Current status: finished
Result: 14/32 (43.75%)
Antivirus Version Last Update Result
AhnLab-V3 2007.8.22.0 2007.08.21 -
AntiVir 7.4.1.62 2007.08.21 WORM/Zhelatin.Gen
Authentium 4.93.8 2007.08.20 Possibly a new variant of W32/Fathom.1-based!Maximus
Avast 4.7.1029.0 2007.08.20 -
AVG 7.5.0.484 2007.08.20 Downloader.Tibs.7.D
BitDefender 7.2 2007.08.21 -
CAT-QuickHeal 9.00 2007.08.21 (Suspicious) - DNAScan
ClamAV 0.91 2007.08.21 Fathom
DrWeb 4.33 2007.08.21 Trojan.Packed.142
eSafe 7.0.15.0 2007.08.20 Suspicious Trojan/Worm
eTrust-Vet 31.1.5076 2007.08.21 Win32/Sintun.AC
Ewido 4.0 2007.08.21 -
FileAdvisor 1 2007.08.21 -
Fortinet 2.91.0.0 2007.08.21 -
F-Prot 4.3.2.48 2007.08.20 W32/Fathom.1-based!Maximus
F-Secure 6.70.13030.0 2007.08.21 -
Ikarus T3.1.1.12 2007.08.21 -
Kaspersky 4.0.2.24 2007.08.21 -
McAfee 5101 2007.08.20 -
Microsoft 1.2803 2007.08.21 -
NOD32v2 2473 2007.08.21 -
Norman 5.80.02 2007.08.21 -
Panda 9.0.0.4 2007.08.21 -
Prevx1 V2 2007.08.21 -
Rising 19.37.12.00 2007.08.21 -
Sophos 4.20.0 2007.08.21 Mal/Dorf-E
Sunbelt 2.2.907.0 2007.08.21 VIPRE.Suspicious
Symantec 10 2007.08.21 Trojan.Packed.13
TheHacker 6.1.8.171 2007.08.21 -
VBA32 3.12.2.2 2007.08.21 MalwareScope.Worm.Nuwar-Glowa.1
VirusBuster 4.3.26:9 2007.08.21 -
Webwasher-Gateway 6.0.1 2007.08.21 Worm.Zhelatin.Gen
Additional information
File size: 114666 bytes
MD5: fef238a7164d7a902e1285554e6d1708
SHA1: c0c853edf099cce5f224e21de3ded0e40feb43dc
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that
are deemed suspicious through heuristics.

From jotti ........
A-Squared Found nothing
AntiVir Found WORM/Zhelatin.Gen
ArcaVir Found Trojan.W32.Lager.Dr47
Avast Found Win32:Zhelatin-ANZ
AVG Antivirus Found Downloader.Tibs.7.D
BitDefender Found DeepScan:[email protected]
ClamAV Found Fathom
CPsecure Found nothing
Dr.Web Found Trojan.Packed.142
F-Prot Found Possibly a new variant of W32/Fathom.2-based!Maximus
F-Secure Found nothing
Fortinet Found nothing
Kaspersky Found Email-Worm.Win32.Zhelatin.hc
NOD32 Found Win32/Nuwar.Gen
Norman Virus Control Found nothing
Panda Found nothing
Rising Antivirus Found nothing
Sophos Found Mal/Dorf-E
VirusBuster Found nothing
VBA32 Found MalwareScope.Worm.Nuwar-Glowa.1

Art
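Comparing the two multi-engine listings above by hand is error-prone because the services spell engine names differently (DrWeb vs Dr.Web, NOD32v2 vs NOD32, AVG vs AVG Antivirus). The following is an added example, not code from the thread: it parses a constructed excerpt of both pasted formats, computes the detection ratio, and lists engines where only one service flagged the file. The name-normalisation rules are an assumption.

```python
"""Parse pasted VirusTotal / Jotti result lines and compare engine verdicts."""
import re

# Constructed excerpt of the lines pasted in the thread (not the full listing).
VT_LINES = """AntiVir 7.4.1.62 2007.08.21 WORM/Zhelatin.Gen
Avast 4.7.1029.0 2007.08.20 -
DrWeb 4.33 2007.08.21 Trojan.Packed.142
F-Prot 4.3.2.48 2007.08.20 W32/Fathom.1-based!Maximus
Kaspersky 4.0.2.24 2007.08.21 -
NOD32v2 2473 2007.08.21 -
Sophos 4.20.0 2007.08.21 Mal/Dorf-E"""

JOTTI_LINES = """AntiVir Found WORM/Zhelatin.Gen
Avast Found Win32:Zhelatin-ANZ
Dr.Web Found Trojan.Packed.142
F-Prot Found Possibly a new variant of W32/Fathom.2-based!Maximus
Kaspersky Found Email-Worm.Win32.Zhelatin.hc
NOD32 Found Win32/Nuwar.Gen
Sophos Found Mal/Dorf-E
Panda Found nothing"""

# VirusTotal row: engine, version, date (YYYY.MM.DD), then the verdict ("-" = clean).
VT_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.*)$")

def norm(engine):
    """Fold service-specific spellings onto one key (assumed rules, e.g. DrWeb/Dr.Web)."""
    key = re.sub(r"[^a-z0-9]", "", engine.lower())
    return re.sub(r"(antivirus|viruscontrol|v2)$", "", key)

def parse_vt(text):
    out = {}
    for line in text.splitlines():
        m = VT_RE.match(line.strip())
        if m:
            engine, _ver, _date, verdict = m.groups()
            out[norm(engine)] = None if verdict.strip() == "-" else verdict.strip()
    return out

def parse_jotti(text):
    out = {}
    for line in text.splitlines():
        engine, sep, verdict = line.strip().partition(" Found ")
        if sep:
            out[norm(engine)] = None if verdict.lower() == "nothing" else verdict
    return out

def ratio(results):
    """(detections, engines) as the services report it, e.g. 14/32 in the thread."""
    return sum(1 for v in results.values() if v), len(results)

def disagreements(a, b):
    """Engines present in both reports where exactly one of them flagged the file."""
    return sorted(e for e in a.keys() & b.keys() if bool(a[e]) != bool(b[e]))
```

Run against the full pasted listings, the disagreement list shows which engines' signatures had caught up between the two submissions.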
 
Thanks guys. You would think getting bombarded with different
'please re-register' or whatever would kind of defeat the purpose of
getting folks to download the malware :0)
 
Duh_OZ said:
Finally stopped (in the last 24 hours anyway) getting the greeting
card e-mails, but now I'm getting "new login" e-mails that request you
download software to change your user ID to various sites.

Here's a munged one - remove the x's in the IP address if you care to
visit and see what malware is trying to make the rounds.

http://xx74.xx36.xx219.xx105/

Why do you not just ignore the crap?
 
Finally stopped (in the last 24 hours anyway) getting the greeting
card e-mails, but now I'm getting "new login" e-mails that request you
download software to change your user ID to various sites.

Here's a munged one - remove the x's in the IP address if you care to
visit and see what malware is trying to make the rounds.

http://xx74.xx36.xx219.xx105/

=========
Seems that phony youtube 'hooks' are the newest gimmick.
 