Latest gimmick in malware dispersal?


Finally stopped (in the last 24 hours anyway) getting the greeting
card e-mails, but now I'm getting "new login" e-mails that request you
download software to change your user ID to various sites.

Here's a munged one - remove the x's in the IP address if you care to
visit and see what malware is trying to make the rounds.

http://xx74.xx36.xx219.xx105 /


Re: Latest gimmick in malware dispersal?


Storm
http://isc.sans.org/diary.html?storyid=3298
http://www.f-secure.com/weblog/archives/archive-082007.html#00001255

--
Clay mania dot com

Re: Latest gimmick in malware dispersal?



From VirusTotal ...

File applet.exe received on 08.21.2007 18:12:41 (CET)
Current status:    finished
Result: 14/32 (43.75%)
Antivirus    Version    Last Update    Result
AhnLab-V3    2007.8.22.0    2007.08.21    -
AntiVir    7.4.1.62    2007.08.21    WORM/Zhelatin.Gen
Authentium    4.93.8    2007.08.20    Possibly a new variant of W32/Fathom.1-based!Maximus
Avast    4.7.1029.0    2007.08.20    -
AVG    7.5.0.484    2007.08.20    Downloader.Tibs.7.D
BitDefender    7.2    2007.08.21    -
CAT-QuickHeal    9.00    2007.08.21    (Suspicious) - DNAScan
ClamAV    0.91    2007.08.21    Fathom
DrWeb    4.33    2007.08.21    Trojan.Packed.142
eSafe    7.0.15.0    2007.08.20    Suspicious Trojan/Worm
eTrust-Vet    31.1.5076    2007.08.21    Win32/Sintun.AC
Ewido    4.0    2007.08.21    -
FileAdvisor    1    2007.08.21    -
Fortinet    2.91.0.0    2007.08.21    -
F-Prot    4.3.2.48    2007.08.20    W32/Fathom.1-based!Maximus
F-Secure    6.70.13030.0    2007.08.21    -
Ikarus    T3.1.1.12    2007.08.21    -
Kaspersky    4.0.2.24    2007.08.21    -
McAfee    5101    2007.08.20    -
Microsoft    1.2803    2007.08.21    -
NOD32v2    2473    2007.08.21    -
Norman    5.80.02    2007.08.21    -
Panda    9.0.0.4    2007.08.21    -
Prevx1    V2    2007.08.21    -
Rising    19.37.12.00    2007.08.21    -
Sophos    4.20.0    2007.08.21    Mal/Dorf-E
Sunbelt    2.2.907.0    2007.08.21    VIPRE.Suspicious
Symantec    10    2007.08.21    Trojan.Packed.13
TheHacker    6.1.8.171    2007.08.21    -
VBA32    3.12.2.2    2007.08.21    MalwareScope.Worm.Nuwar-Glowa.1
VirusBuster    4.3.26:9    2007.08.21    -
Webwasher-Gateway    6.0.1    2007.08.21    Worm.Zhelatin.Gen
Additional information
File size: 114666 bytes
MD5: fef238a7164d7a902e1285554e6d1708
SHA1: c0c853edf099cce5f224e21de3ded0e40feb43dc
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that
are deemed suspicious through heuristics.


--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

Re: Latest gimmick in malware dispersal?

On Tue, 21 Aug 2007 12:30:36 -0400, "David W. Hodgins" wrote:

From Jotti ...
A-Squared             Found nothing
AntiVir               Found WORM/Zhelatin.Gen
ArcaVir               Found Trojan.W32.Lager.Dr47
Avast                 Found Win32:Zhelatin-ANZ
AVG Antivirus         Found Downloader.Tibs.7.D
BitDefender           Found DeepScan:Generic.Malware.FMPH@mmign.B93F3761
ClamAV                Found Fathom
CPsecure              Found nothing
Dr.Web                Found Trojan.Packed.142
F-Prot                Found Possibly a new variant of W32/Fathom.2-based!Maximus
F-Secure              Found nothing
Fortinet              Found nothing
Kaspersky             Found Email-Worm.Win32.Zhelatin.hc
NOD32                 Found Win32/Nuwar.Gen
Norman Virus Control  Found nothing
Panda                 Found nothing
Rising Antivirus      Found nothing
Sophos                Found Mal/Dorf-E
VirusBuster           Found nothing
VBA32                 Found MalwareScope.Worm.Nuwar-Glowa.1
 
Art
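As an added example (not code from this thread or from either scanning service): the Python below consolidates scan rows in the two formats posted above, VirusTotal's four-column rows and Jotti's "Vendor Found ..." rows, into one vendor-to-detection map, computes the detection ratio for each and for the union, and checks a file's MD5/SHA1 against the hashes VirusTotal reported for applet.exe. The scan rows embedded in it are copied from the two posts; the sample bytes are a constructed stand-in, not the real file.

```python
import hashlib
import re
from typing import Dict, Tuple

# Hashes of applet.exe as reported by VirusTotal in the thread above.
KNOWN_BAD = {
    "md5": "fef238a7164d7a902e1285554e6d1708",
    "sha1": "c0c853edf099cce5f224e21de3ded0e40feb43dc",
}

# A few rows from each report, in the layout each site produced.
VIRUSTOTAL_ROWS = """\
AhnLab-V3    2007.8.22.0    2007.08.21    -
AntiVir    7.4.1.62    2007.08.21    WORM/Zhelatin.Gen
Authentium    4.93.8    2007.08.20    Possibly a new variant of W32/Fathom.1-based!Maximus
Avast    4.7.1029.0    2007.08.20    -
CAT-QuickHeal    9.00    2007.08.21    (Suspicious) - DNAScan
Sophos    4.20.0    2007.08.21    Mal/Dorf-E
"""

JOTTI_ROWS = """\
 A-Squared  Found nothing
AntiVir     Found WORM/Zhelatin.Gen
AVG Antivirus Found Downloader.Tibs.7.D
Kaspersky Found Email-Worm.Win32.Zhelatin.hc
Norman Virus Control Found nothing
"""


def parse_virustotal(text: str) -> Dict[str, str]:
    """Map vendor -> detection name; '' when the row shows '-' (clean)."""
    out: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # Columns are tab- or multi-space-separated; the result column may
        # itself contain single spaces, so split into at most four fields.
        parts = re.split(r"\t|\s{2,}", line, maxsplit=3)
        if len(parts) != 4:
            continue  # not a result row (e.g. the header)
        vendor, _version, _date, result = parts
        out[vendor] = "" if result.strip() == "-" else result.strip()
    return out


def parse_jotti(text: str) -> Dict[str, str]:
    """Map vendor -> detection name; '' when the row says 'Found nothing'."""
    out: Dict[str, str] = {}
    for line in text.splitlines():
        # Vendor names may contain spaces ("Norman Virus Control"), so anchor
        # on the literal word "Found" rather than splitting on whitespace.
        m = re.match(r"(.+?)\s+Found\s+(.+)$", line.strip())
        if not m:
            continue
        vendor, result = m.group(1).strip(), m.group(2).strip()
        out[vendor] = "" if result.lower() == "nothing" else result
    return out


def detection_ratio(results: Dict[str, str]) -> Tuple[int, int]:
    """(engines that flagged the file, engines that scanned it)."""
    return sum(1 for r in results.values() if r), len(results)


def merge(*reports: Dict[str, str]) -> Dict[str, str]:
    """Union of several reports; a vendor detecting in any one counts."""
    merged: Dict[str, str] = {}
    for rep in reports:
        for vendor, name in rep.items():
            if name or vendor not in merged:
                merged[vendor] = name
    return merged


def file_hashes(data: bytes) -> Dict[str, str]:
    """MD5 and SHA1 of the bytes, as lowercase hex like VirusTotal prints."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
    }


def matches_known_bad(data: bytes) -> bool:
    """True when either hash equals the one posted for applet.exe."""
    h = file_hashes(data)
    return h["md5"] == KNOWN_BAD["md5"] or h["sha1"] == KNOWN_BAD["sha1"]


if __name__ == "__main__":
    vt = parse_virustotal(VIRUSTOTAL_ROWS)
    jt = parse_jotti(JOTTI_ROWS)
    print("VirusTotal:", detection_ratio(vt))
    print("Jotti:", detection_ratio(jt))
    print("Merged:", detection_ratio(merge(vt, jt)))
    # Constructed stand-in bytes, not the real applet.exe.
    sample = b"MZ this is a constructed stand-in, not the real applet.exe"
    print("matches known bad:", matches_known_bad(sample))
```

A hash match only identifies this exact binary; a repacked copy hashes differently, which is why the vendor names, most of them naming the same Zhelatin/Nuwar family, are the more useful triage signal than the MD5 or SHA1 alone.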

Re: Latest gimmick in malware dispersal?

Thanks guys. You would think getting bombarded with different
'please re-register' or whatever would kind of defeat the purpose of
getting folks to download the malware :0)



Re: Latest gimmick in malware dispersal?

Duh_OZ wrote:

Why do you not just ignore the crap?


Re: Latest gimmick in malware dispersal?


=========
Seems that phony YouTube 'hooks' are the newest gimmick.

