AlphaCentauri
SIRT Handler Premium Member
 Joined: Nov 20, 2003 Posts: 2858
Posted: Fri May 16, 2008 4:51 pm Post subject: new redir.html/video.exe site malware
I was spammed for http://www.sural-autoparts.com/redir.html (redirects to atbetter.com, a Canadian Pharmacy site) and as expected, there is malware at http://www.sural-autoparts.com/video.exe . Detection is pretty pathetic:
VirusTotal
File sural.video.exe.txt received on 05.16.2008 18:24:30 (CET)
Result: 6/32 (18.75%)
Antivirus Version Last Update Result
AhnLab-V3 2008.5.16.0 2008.05.16 -
AntiVir 7.8.0.19 2008.05.16 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.05.16 -
Avast 4.8.1169.0 2008.05.12 -
AVG 7.5.0.516 2008.05.16 Downloader.Zlob.12.AH
BitDefender 7.2 2008.05.16 -
CAT-QuickHeal 9.50 2008.05.15 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.05.16 -
DrWeb 4.44.0.09170 2008.05.16 -
eSafe 7.0.15.0 2008.05.16 Suspicious File
eTrust-Vet 31.4.5788 2008.05.14 -
Ewido 4.0 2008.05.14 -
F-Prot 4.4.2.54 2008.05.16 -
F-Secure 6.70.13260.0 2008.05.16 -
Fortinet 3.14.0.0 2008.05.15 -
GData 2.0.7306.1023 2008.05.16 -
Ikarus T3.1.1.26.0 2008.05.16 -
Kaspersky 7.0.0.125 2008.05.16 -
McAfee 5296 2008.05.16 -
Microsoft 1.3408 2008.05.13 -
NOD32v2 3105 2008.05.16 -
Norman 5.80.02 2008.05.16 -
Panda 9.0.0.4 2008.05.15 -
Prevx1 V2 2008.05.16 -
Rising 20.44.32.00 2008.05.15 -
Sophos 4.29.0 2008.05.16 Mal/EncPk-DA
Sunbelt 3.0.1114.0 2008.05.12 -
Symantec 10 2008.05.16 -
TheHacker 6.2.92.311 2008.05.15 -
VBA32 3.12.6.6 2008.05.16 -
VirusBuster 4.3.26:9 2008.05.16 -
Webwasher-Gateway 6.6.2 2008.05.16 Trojan.Crypt.XPACK.Gen
Additional information
File size: 102400 bytes
MD5...: b4d93018de4550068e4f1142e9788fec
SHA1..: 241bd879294b0f21bd97f9fecf3b11c354d913a5
SHA256: bc9f50775cea15565329319d47cbe9cfee632ac946041188084d52f96da9f168
SHA512: 7d11732b8aaed7f8f14338a88edb507e8bf287af2e3c5c111620bdaa7ddc9f70
4b645cf9227bd997e43831a738ab3007e3150de81a00232bfe34499adb97d3f0
Jotti:
Scan taken on 16 May 2008 16:29:51 (GMT)
A-Squared: Found nothing
AntiVir: Found TR/Crypt.XPACK.Gen
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found Downloader.Zlob.12.AH
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found Mal/EncPk-DA
VirusBuster: Found nothing
VBA32: Found nothing
AlphaCentauri
SIRT Handler Premium Member
 Joined: Nov 20, 2003 Posts: 2858
Posted: Mon May 26, 2008 1:27 am
today's version
Quote:
Subject: 80% off for [email userid]
Hello, make a wise decision, purchase your meds from the most well-known onine shop.http://ad.doubleclick.net/click;h=FialYS;~sscs=%3fhttp://216.104.177.179/redir.html Discount Code #Ifn8fairleigh winfred
Same server has malware at 216.104.177.179/video.exe
Looks like it's back to being storm again:
9/32
Antivirus Version Last Update Result
AhnLab-V3 2008.5.22.1 2008.05.23 -
AntiVir 7.8.0.19 2008.05.25 -
Authentium 5.1.0.4 2008.05.26 -
Avast 4.8.1195.0 2008.05.25 -
AVG 7.5.0.516 2008.05.25 -
BitDefender 7.2 2008.05.26 -
CAT-QuickHeal 9.50 2008.05.24 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.05.25 -
DrWeb 4.44.0.09170 2008.05.25 -
eSafe 7.0.15.0 2008.05.25 Suspicious File
eTrust-Vet 31.4.5817 2008.05.23 -
Ewido 4.0 2008.05.25 -
F-Prot 4.4.4.56 2008.05.23 -
F-Secure 6.70.13260.0 2008.05.26 Trojan-Downloader.Win32.Exchanger.bh
Fortinet 3.14.0.0 2008.05.25 -
GData 2.0.7306.1023 2008.05.23 -
Ikarus T3.1.1.26.0 2008.05.26 MalwareScope.Worm.Nuwar-Glowa.1
Kaspersky 7.0.0.125 2008.05.26 Trojan-Downloader.Win32.Exchanger.bh
McAfee 5302 2008.05.23 -
Microsoft 1.3520 2008.05.26 Trojan:Win32/Tibs.gen!lds
NOD32v2 3128 2008.05.23 -
Norman 5.80.02 2008.05.23 -
Panda 9.0.0.4 2008.05.25 -
Prevx1 V2 2008.05.26 -
Rising 20.45.42.00 2008.05.23 -
Sophos 4.29.0 2008.05.25 Mal/EncPk-DA
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.25 -
TheHacker 6.2.92.318 2008.05.23 -
VBA32 3.12.6.6 2008.05.25 MalwareScope.Worm.Nuwar-Glowa.1
VirusBuster 4.3.26:9 2008.05.25 -
Webwasher-Gateway 6.6.2 2008.05.25 Worm.Win32.Malware.gen (suspicious)
Additional information
File size: 107008 bytes
MD5...: 17fd0cc1a262c371333943097a004d0a
SHA1..: 4975caa9f8bbc595c1d4c77d1123b626e31cbe6d
SHA256: 8cb092e83c0ac9c1589881b6d2084b973e80ea4d18a5b3e416c57c0376eb4ed4
SHA512: 77394ccb44fc7678b52acea4e3baacbc7a3ae08bb9b2772a7af0799c8ec5d293
cfd4cf494dcd1876504ea94715e454a2367325c5a298a002e951a08977892a98