New variant of Feebs

[Art]

Kaspersky alerted as Worm.Win32.Feebs.gen on a email
attackment that came through as message.zip
The message reads as:
********************
ID: 46916
Password: cdmmaieos

Message is attached.

Thank you,
Encrypted Message Service,
MSN.com
*******************
However, it's not a password protected zip. The content
is a .HTA file.

Very few av scanners alert, according to Virus Total and
jotti. In fact, Virus Total didn't show KAV as alerting,
suggesting KAV hadn't yet been updated there when
I tried it. The attackment got through my ISP's
av scanner (I rarely see email attackments).

Art
http://home.epix.net/~artnpeg

 

[Ian Kenefick]

Kaspersky alerted as Worm.Win32.Feebs.gen on a email
attackment that came through as message.zip

Very few av scanners alert, according to Virus Total and
jotti. In fact, Virus Total didn't show KAV as alerting,
suggesting KAV hadn't yet been updated there when
I tried it. The attackment got through my ISP's
av scanner (I rarely see email attackments).

Kaspersky added an update for feebs.gen 2 days ago so I think that this
is not the reason for virustotal not detecting this.

http://www.kaspersky.com/viruswatchlite?search_virus=feebs&hour_offset=-3
shows that kaspersky added detection for a new variant today though.

 

[Ian Kenefick]

Kaspersky alerted as Worm.Win32.Feebs.gen on a email
attackment that came through as message.zip

The detection for a new variant was added tonight. You can see the
detections to date for this here..

http://www.kaspersky.com/viruswatchlite?search_virus=feebs&hour_offset=-3