xJSTx
Captain
Joined: Apr 02, 2007 Posts: 691 Location: UK
Posted: Fri Apr 06, 2007 1:42 pm Post subject: arpa.org
The first 2 files do not appear to be hosted on that website to infect users; it has this note.
Quote:
WARNING
THE PROGRAMS AND FILES CONTAINED HEREIN ARE DANGEROUS AND ARE ONLY PRESENTED HERE FOR ARCHIVAL PURPOSES. THEY INCLUDE TROJANS, WORMS, SPYWARE, AND OTHER MALICIOUS UTILITIES FOUND ON HACKED SYSTEMS. DOWNLOAD AND DISSECT THESE FILES AT YOUR OWN RISK, AND DO NOT, UNDER ANY CIRCUMSTANCES, RUN THEM ON A SYSTEM CONNECTED TO THE INTERNET.
So I don't think the host needs to be reported since the files are there for archiving/analysis. But these 2 files don't seem to be detected enough.
Code: http://ditto.arpa.org/~phelix/dnr/sex.exe
VirusTotal (detected by 13 out of 31), a bit under 50%
AhnLab-V3 2007.4.5.0 04.05.2007 no virus found
AntiVir 7.3.1.48 04.05.2007 BDS/Kanallar.1
Authentium 4.93.8 04.04.2007 no virus found
Avast 4.7.936.0 04.05.2007 Win32:Trojan-gen. {Other}
AVG 7.5.0.447 04.05.2007 no virus found
BitDefender 7.2 04.06.2007 Backdoor.Mirc.I
CAT-QuickHeal 9.00 04.05.2007 TrojanDropper.Joiner.aj
ClamAV devel-20070312 04.06.2007 no virus found
DrWeb 4.33 04.05.2007 Trojan.MulDrop.970
eSafe 7.0.15.0 04.05.2007 no virus found
eTrust-Vet 30.7.3546 04.06.2007 no virus found
Ewido 4.0 04.05.2007 no virus found
FileAdvisor 1 04.06.2007 no virus found
Fortinet 2.85.0.0 04.06.2007 W32/Kelebek.F!tr.bdr
F-Prot 4.3.1.45 04.04.2007 no virus found
F-Secure 6.70.13030.0 04.05.2007 Backdoor.IRC.Kelebek.f
Ikarus T3.1.1.3 04.05.2007 Trojan-Dropper.Win32.Joiner.aj
Kaspersky 4.0.2.24 04.06.2007 Backdoor.Win32.mIRC-based
McAfee 5002 04.05.2007 IRC/Flood.gen.dr
Microsoft 1.2405 04.06.2007 no virus found
NOD32v2 2170 04.05.2007 no virus found
Norman 5.80.02 04.05.2007 no virus found
Panda 9.0.0.4 04.05.2007 Suspicious file
Prevx1 V2 04.06.2007 no virus found
Sophos 4.16.0 04.06.2007 no virus found
Sunbelt 2.2.907.0 04.03.2007 no virus found
Symantec 10 04.06.2007 no virus found
TheHacker 6.1.6.085 04.04.2007 no virus found
VBA32 3.11.3 04.04.2007 Trojan-Dropper.Win32.Joiner.aj
VirusBuster 4.3.7:9 04.05.2007 no virus found
Webwasher-Gateway 6.0.1 04.06.2007 Trojan.Flood.IRC.1
Additional Information
File size: 941422 bytes
MD5: ba157cdb000fdadfefdccbb27ce0fca7
SHA1: 630eb4dc7fc86db919587b713117ae08f6ae2959
Code: http://ditto.arpa.org/~phelix/dnr/MOBiZONE.v1.4.exe
VirusTotal (detected by 2 out of 31)
AhnLab-V3 2007.4.5.0 04.06.2007 no virus found
AntiVir 7.3.1.48 04.06.2007 no virus found
Authentium 4.93.8 04.06.2007 no virus found
Avast 4.7.936.0 04.05.2007 no virus found
AVG 7.5.0.447 04.05.2007 no virus found
BitDefender 7.2 04.06.2007 no virus found
CAT-QuickHeal 9.00 04.05.2007 no virus found
ClamAV devel-20070312 04.06.2007 no virus found
DrWeb 4.33 04.06.2007 no virus found
eSafe 7.0.15.0 04.06.2007 no virus found
eTrust-Vet 30.7.3546 04.06.2007 no virus found
Ewido 4.0 04.06.2007 no virus found
FileAdvisor 1 04.06.2007 no virus found
Fortinet 2.85.0.0 04.06.2007 no virus found
F-Prot 4.3.1.45 04.04.2007 no virus found
F-Secure 6.70.13030.0 04.06.2007 no virus found
Ikarus T3.1.1.3 04.06.2007 not-a-virus:Client-IRC.Win32.mIRC.616
Kaspersky 4.0.2.24 04.06.2007 not-a-virus:Client-IRC.Win32.mIRC.616
McAfee 5002 04.05.2007 no virus found
Microsoft 1.2405 04.06.2007 no virus found
NOD32v2 2171 04.06.2007 no virus found
Norman 5.80.02 04.05.2007 no virus found
Panda 9.0.0.4 04.06.2007 no virus found
Prevx1 V2 04.06.2007 no virus found
Sophos 4.16.0 04.06.2007 no virus found
Sunbelt 2.2.907.0 04.03.2007 no virus found
Symantec 10 04.06.2007 no virus found
TheHacker 6.1.6.085 04.04.2007 no virus found
VBA32 3.11.3 04.04.2007 no virus found
VirusBuster 4.3.7:9 04.06.2007 no virus found
Webwasher-Gateway 6.0.1 04.06.2007 no virus found
Additional Information
File size: 1410336 bytes
MD5: 36622ae9ccddc3851bdbecfa0fe8c484
SHA1: 67723e2e058135dc5c689a62a7bf4432bbd70400
erikschorr
Cadet
Joined: Jul 09, 2008 Posts: 1 Location: USA
Posted: Wed Jul 09, 2008 4:26 pm Post subject:
I'm the owner of the arpa.org domain, and use the uname "phelix" on my website. I found this page doing a casual search for URLs linking to arpa.org. Thank you for recognizing the header on the page warning about the content and purpose of the 'DNR' directory. They are archived on my system for the sole purpose of forensics and analysis by people who want to study malware.
If you've seen anyone actually linking or downloading these files from trojans or other malicious software, please let me know so I can change the files' names or add rules to prevent non-interactive downloads.
My direct email address is my posted uname at arpa.org.
tetak
MIRT Team Lead Premium Member
Joined: Jan 19, 2007 Posts: 5870
Posted: Thu Jul 24, 2008 10:53 pm Post subject:
I've run both files on a test PC and one or both of them dropped a number of files which I'll take a look at.
_________________
Got Windows XP? Help protect your PC from malware with Microsoft's anti-spyware program Windows Defender.
Download it for free from http://www.microsoft.com/athome/security/spyware/software/default.mspx