CastleCops, Internet Crime Fighters

Storm worm loveyou.exe

 
AlphaCentauri (SIRT Handler)
Posted: Tue Jun 03, 2008 12:40 am    Post subject: Storm worm loveyou.exe

Storm worm e-cards are back:

Quote:
Subject: You have touched my heart

Missing you http://190.51.44.73/


VirusTotal
Result: 4/32 (12.5%)
AhnLab-V3 2008.5.30.1 2008.06.02 -
AntiVir 7.8.0.26 2008.06.02 -
Authentium 5.1.0.4 2008.06.02 -
Avast 4.8.1195.0 2008.06.02 -
AVG 7.5.0.516 2008.06.02 -
BitDefender 7.2 2008.06.03 Trojan.Peed.PJ
CAT-QuickHeal 9.50 2008.06.02 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.06.02 -
DrWeb 4.44.0.09170 2008.06.02 -
eSafe 7.0.15.0 2008.06.02 Suspicious File
eTrust-Vet 31.4.5844 2008.06.03 -
Ewido 4.0 2008.06.02 -
F-Prot 4.4.4.56 2008.06.02 -
F-Secure 6.70.13260.0 2008.06.03 -
Fortinet 3.14.0.0 2008.06.02 -
GData 2.0.7306.1023 2008.06.02 -
Ikarus T3.1.1.26.0 2008.06.03 -
Kaspersky 7.0.0.125 2008.06.03 -
McAfee 5308 2008.06.02 -
Microsoft 1.3604 2008.06.03 -
NOD32v2 3153 2008.06.03 -
Norman 5.80.02 2008.06.02 -
Panda 9.0.0.4 2008.06.02 -
Prevx1 V2 2008.06.03 -
Rising 20.47.02.00 2008.06.02 -
Sophos 4.29.0 2008.06.03 Mal/Dorf-N
Sunbelt 3.0.1139.1 2008.05.29 -
Symantec 10 2008.06.03 -
TheHacker 6.2.92.332 2008.06.03 -
VBA32 3.12.6.6 2008.06.01 -
VirusBuster 4.3.26:9 2008.06.02 -
Webwasher-Gateway 6.6.2 2008.06.03 -
Additional information
File size: 140801 bytes
MD5...: 8222401f37364c91ba60e802f1ef58a1
SHA1..: 5a3700b62d10ca555fe3a5a55cb64e4b829ae684
SHA256: 1fb430ae2bcbf756f266a8777814268fa1906a20e5733380f65c9559840e4da5
SHA512: 02bdd9ebdb4a52b6ab3402a872320bae1696aaedd4b9fb5d601b685281eec805
1c9547b3bc528d021668f386c54f899f5e49b0cee2c06f40f5f0196f110d5cb5

Jotti:
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found Trojan.Peed.PJ
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found Mal/Dorf-N
VirusBuster: Found nothing
VBA32: Found nothing

tetak (MIRT Team Lead)
Posted: Tue Jun 03, 2008 7:41 pm

I've added the file to the malware listserv.

CastleCops Link/p1095524-MD5_8222401f37364c91ba60e802f1ef58a1_loveyou_exe.html


_________________
Got Windows XP? Help protect your PC from malware with Microsoft's anti-spyware program Windows Defender.

Download it for free from http://www.microsoft.com/athome/security/spyware/software/default.mspx
AlphaCentauri (SIRT Handler)
Posted: Sun Jun 08, 2008 6:48 am

Today's variant, from 189.11.212.18

Virus Total:
Result: 11/32 (34.38%)

AhnLab-V3 2008.5.30.1 2008.06.05 -
AntiVir 7.8.0.55 2008.06.06 TR/Dropper.Gen
Authentium 5.1.0.4 2008.06.08 -
Avast 4.8.1195.0 2008.06.08 -
AVG 7.5.0.516 2008.06.07 -
BitDefender 7.2 2008.06.08 Dropped:Trojan.Peed.PM
CAT-QuickHeal 9.50 2008.06.07 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.06.08 -
DrWeb 4.44.0.09170 2008.06.07 Trojan.DownLoader.62867
eSafe 7.0.15.0 2008.06.05 Suspicious File
eTrust-Vet 31.6.5855 2008.06.06 -
Ewido 4.0 2008.06.07 -
F-Prot 4.4.4.56 2008.06.08 -
F-Secure 6.70.13260.0 2008.06.08 Email-Worm.Win32.Zhelatin.zy
Fortinet 3.14.0.0 2008.06.08 -
GData 2.0.7306.1023 2008.06.08 Email-Worm.Win32.Zhelatin.zy
Ikarus T3.1.1.26.0 2008.06.08 -
Kaspersky 7.0.0.125 2008.06.08 Email-Worm.Win32.Zhelatin.zy
McAfee 5312 2008.06.06 -
Microsoft 1.3604 2008.06.08 Backdoor:Win32/Nuwar.A
NOD32v2 3165 2008.06.06 -
Norman 5.80.02 2008.06.06 -
Panda 9.0.0.4 2008.06.07 -
Prevx1 V2 2008.06.08 -
Rising 20.47.42.00 2008.06.06 -
Sophos 4.30.0 2008.06.08 Mal/Dorf-N
Sunbelt 3.0.1145.1 2008.06.05 -
Symantec 10 2008.06.08 -
TheHacker 6.2.92.339 2008.06.07 -
VBA32 3.12.6.7 2008.06.07 -
VirusBuster 4.3.26:9 2008.06.07 -
Webwasher-Gateway 6.6.2 2008.06.07 Trojan.Dropper.Gen
Additional information
File size: 118784 bytes
MD5...: b287d42330e0bdbab52c909488d53a9b
SHA1..: 8d4138507a836cf255be4f568305c19cda190d9f
SHA256: 03f625ea8c05c4f35ad4901c612aca60a7b4bb76bcd7e267c8a583a81bacfbc9
SHA512: 16500abcda01fa691441db00496566fa7b07f647501571e8a18a822b4fbfbbc4
b90ee2b642c51caf48e57ab2baf2143c35bbd1265db1ef14070dccafc823a47a

tetak (MIRT Team Lead)
Posted: Sun Jun 08, 2008 1:12 pm

Thanks, I've added it to the malware listserv.

CastleCops Link/p1096998-MD5_b287d42330e0bdbab52c909488d53a9b_loveyou_exe.html

