New variant of Feebs

  • Thread starter Thread starter Art
  • Start date Start date
A

Art

Kaspersky alerted as Worm.Win32.Feebs.gen on a email
attackment that came through as message.zip
The message reads as:
********************
ID: 46916
Password: cdmmaieos

Message is attached.

Thank you,
Encrypted Message Service,
MSN.com
*******************
However, it's not a password protected zip. The content
is a .HTA file.

Very few av scanners alert, according to Virus Total and
jotti. In fact, Virus Total didn't show KAV as alerting,
suggesting KAV hadn't yet been updated there when
I tried it. The attackment got through my ISP's
av scanner (I rarely see email attackments).

Art
http://home.epix.net/~artnpeg
 
Art said:
Kaspersky alerted as Worm.Win32.Feebs.gen on a email
attackment that came through as message.zip
Click to expand...

Very few av scanners alert, according to Virus Total and
jotti. In fact, Virus Total didn't show KAV as alerting,
suggesting KAV hadn't yet been updated there when
I tried it. The attackment got through my ISP's
av scanner (I rarely see email attackments).
Click to expand...

Kaspersky added an update for feebs.gen 2 days ago so I think that this
is not the reason for virustotal not detecting this.

http://www.kaspersky.com/viruswatchlite?search_virus=feebs&hour_offset=-3
shows that kaspersky added detection for a new variant today though.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Newer Mytob variant 2
Another new email worm 5
Another Mytob variant 6
New Bagle variant 3
Browsers ... again 5
Bagle and KAV 42
On demand scanning issues 19
Email attackment warning 6

Back
Top