USA Missle Strike: Iran War just have started


Duh_OZ

Well, not really ;-) The subject heading's spelling error and
improper grammar should be a hint that the attached file is malware
LOL.

Got one of the e-mails containing the newest spreading malware making
the rounds. Submitted it (news.exe) to VirusTotal, results below.
(Sorry a typo so I had it scanned in the Spanish page).. For shame to
McAfee for missing it!

F-Secure write up:
http://www.f-secure.com/v-descs/email-worm_w32_zhelatin_cq.shtml


AhnLab-V3 2007.4.10.0 09.04.2007 no ha encontrado virus
AntiVir 7.3.1.48 09.04.2007 TR/Small.DBY.BS
Authentium 4.93.8 08.04.2007 W32/Trojan.ADUB
Avast 4.7.936.0 08.04.2007 no ha encontrado virus
AVG 7.5.0.447 08.04.2007 no ha encontrado virus
BitDefender 7.2 09.04.2007 Trojan.Peed.Gen
CAT-QuickHeal 9.00 09.04.2007 (Suspicious) - DNAScan
ClamAV devel-20070312 09.04.2007 Trojan.Small-1604
DrWeb 4.33 09.04.2007 Trojan.Packed.80
eSafe 7.0.15.0 08.04.2007 Suspicious Trojan/Worm
eTrust-Vet 30.7.3549 06.04.2007 no ha encontrado virus
Ewido 4.0 09.04.2007 no ha encontrado virus
FileAdvisor 1 09.04.2007 no ha encontrado virus
Fortinet 2.85.0.0 09.04.2007 W32/Tibs.LO@mm
F-Prot 4.3.1.45 08.04.2007 W32/Trojan.ADUB
F-Secure 6.70.13030.0 09.04.2007 Email-Worm.Win32.Zhelatin.cq
Ikarus T3.1.1.3 09.04.2007 Trojan.Peed
Kaspersky 4.0.2.24 09.04.2007 Email-Worm.Win32.Zhelatin.cq
McAfee 5003 06.04.2007 no ha encontrado virus
Microsoft 1.2405 09.04.2007 no ha encontrado virus
NOD32v2 2175 09.04.2007 Win32/Nuwar.gen
Norman 5.80.02 09.04.2007 no ha encontrado virus
Panda 9.0.0.4 09.04.2007 no ha encontrado virus
Prevx1 V2 09.04.2007 Polynomial.Code.Exploit
Sophos 4.16.0 06.04.2007 no ha encontrado virus
Sunbelt 2.2.907.0 07.04.2007 VIPRE.Suspicious
Symantec 10 09.04.2007 Trojan.Packed.13
TheHacker 6.1.6.088 09.04.2007 no ha encontrado virus
VBA32 3.11.3 09.04.2007 no ha encontrado virus
VirusBuster 4.3.7:9 08.04.2007 no ha encontrado virus
Webwasher-Gateway 6.0.1 09.04.2007 Trojan.Small.DBY.BS
 

David H. Lipman

From: "Duh_OZ" <[email protected]>

| Well, not really ;-) The subject heading's spelling error and
| improper grammar should be a hint that the attached file is malware
| LOL.
|
| Got one of the e-mails containing the newest spreading malware making
| the rounds. Submitted it (news.exe) to VirusTotal, results below.
| (Sorry a typo so I had it scanned in the Spanish page).. For shame to
| McAfee for missing it!
|
| F-Secure write up:
| http://www.f-secure.com/v-descs/email-worm_w32_zhelatin_cq.shtml
|

< snip >

One of the ones I received had the subject "Iran starts World War III"

McAfee has been doing piss poor lately and is falling behind rapidly.
 

Duh_OZ

Starting to get the 'ole postcard and flash_postcard attachments -
most likely from idiots running the news.exe malware attachment.
Scan of both files below.

Still only on one account (I have 9 e-mail addresses LOL). gmail
is filtering out the phony M$ update attachments- don't have a chance
to get to them ;-(

flash_postcard scan:
==========
AhnLab-V3 2007.4.12.0 04.12.2007 no virus found
AntiVir 7.3.1.50 04.12.2007 TR/Small.DBY.BW
Authentium 4.93.8 04.12.2007 W32/Trojan.AEJV
Avast 4.7.936.0 04.11.2007 no virus found
AVG 7.5.0.447 04.12.2007 no virus found
BitDefender 7.2 04.12.2007 Trojan.Peed.Gen
CAT-QuickHeal 9.00 04.12.2007 (Suspicious) - DNAScan
ClamAV devel-20070312 04.12.2007 Trojan.Small-1641
DrWeb 4.33 04.12.2007 no virus found
eSafe 7.0.15.0 04.12.2007 Suspicious Trojan/Worm
eTrust-Vet 30.7.3562 04.12.2007 no virus found
Ewido 4.0 04.12.2007 no virus found
FileAdvisor 1 04.12.2007 no virus found
Fortinet 2.85.0.0 04.12.2007 suspicious
F-Prot 4.3.2.48 04.12.2007 W32/Trojan.AEJV
F-Secure 6.70.13030.0 04.12.2007 Email-Worm.Win32.Zhelatin.ct
Ikarus T3.1.1.5 04.12.2007 Email-Worm.Win32.Zhelatin.ct
Kaspersky 4.0.2.24 04.12.2007 Email-Worm.Win32.Zhelatin.ct
McAfee 5006 04.11.2007 no virus found
Microsoft 1.2405 04.12.2007 no virus found
NOD32v2 2184 04.12.2007 Win32/Nuwar.Gen
Norman 5.80.02 04.12.2007 no virus found
Panda 9.0.0.4 04.12.2007 no virus found
Prevx1 V2 04.12.2007 no virus found
Sophos 4.16.0 04.12.2007 no virus found
Sunbelt 2.2.907.0 04.07.2007 VIPRE.Suspicious
Symantec 10 04.12.2007 Trojan.Packed.13
TheHacker 6.1.6.088 04.09.2007 no virus found
VBA32 3.11.3 04.12.2007 no virus found
VirusBuster 4.3.7:9 04.12.2007 no virus found
Webwasher-Gateway 6.0.1 04.12.2007 Trojan.Small.DBY.BW
=========

postcard.exe (Hey McAfee caught one!)
=========
AhnLab-V3 2007.4.12.0 04.12.2007 no virus found
AntiVir 7.3.1.50 04.12.2007 TR/Small.DBY.BV
Authentium 4.93.8 04.12.2007 W32/Trojan.ADVQ
Avast 4.7.936.0 04.11.2007 no virus found
AVG 7.5.0.447 04.12.2007 Downloader.Tibs.4.AC
BitDefender 7.2 04.12.2007 Trojan.Peed.Gen
CAT-QuickHeal 9.00 04.12.2007 I-Worm.Zhelatine.ch
ClamAV devel-20070312 04.12.2007 Trojan.Small-1610
DrWeb 4.33 04.12.2007 Trojan.Packed.83
eSafe 7.0.15.0 04.12.2007 Suspicious Trojan/Worm
eTrust-Vet 30.7.3562 04.12.2007 no virus found
Ewido 4.0 04.12.2007 no virus found
FileAdvisor 1 04.12.2007 no virus found
Fortinet 2.85.0.0 04.12.2007 W32/PkTibs.fam!tr
F-Prot 4.3.2.48 04.12.2007 W32/Trojan.ADVQ
F-Secure 6.70.13030.0 04.12.2007 Email-Worm.Win32.Zhelatin.cs
Ikarus T3.1.1.5 04.12.2007 Email-Worm.Win32.Zhelatin.cs
Kaspersky 4.0.2.24 04.12.2007 Email-Worm.Win32.Zhelatin.cs
McAfee 5006 04.11.2007 New Malware.br
Microsoft 1.2405 04.12.2007 no virus found
NOD32v2 2184 04.12.2007 Win32/Nuwar.Gen
Norman 5.80.02 04.12.2007 no virus found
Panda 9.0.0.4 04.12.2007 no virus found
Prevx1 V2 04.12.2007 no virus found
Sophos 4.16.0 04.12.2007 no virus found
Sunbelt 2.2.907.0 04.07.2007 VIPRE.Suspicious
Symantec 10 04.12.2007 Trojan.Packed.13
TheHacker 6.1.6.088 04.09.2007 no virus found
VBA32 3.11.3 04.12.2007 no virus found
VirusBuster 4.3.7:9 04.12.2007 Trojan.Tibs.Gen!Pac.95
Webwasher-Gateway 6.0.1 04.12.2007 Trojan.Small.DBY.BV
========
 
