CastleCops® Wachovia Bank malware/phish

Need help? Click here to register for free! Absolutely zero advertisements on this site!

**$9736.22 of $21422.68**

Help CastleCops serve the community on new servers, Donate Here to reach our goal.

	Donation/Premium

	Donations. Become Premium Today!

	Security Central

	· Home · PIRT/Fried Phish · MIRT · SIRT · Deutsch · Wiki · Newsletter · O16/ActiveX · CLSID List · Contest2007 · Downloads · Feedback (send) · Forums · HijackThis · Hijacktrend · LSPs · My Downloads · O18 · O20 · O21 · O22 · O23 · O9 · Premium · Private Messages · Proxomitron · Reviews · Search · StartupList · Stories Archive · Submit News · WsIRT · Your Account · Acceptable Use Policy

Survey

Forum FAQ

Usergroups

Profile

Select FavForums

Wachovia Bank malware/phish

All -> FavForums -> Unknown Files

[del.icio.us!] [digg it!] [reddit!]

View previous topic :: View next topic

Author

Message

AlphaCentauri

SIRT Handler
Premium Member

Joined: Nov 20, 2003
Posts: 2776

Posted: Mon Jun 02, 2008 5:31 pm Post subject: Wachovia Bank malware/phish

spammed link is http://commercial.wachovia.online.financial.business.cmserver.access1h5p9b0n2f9h0z1.default.servletdologin.verify3d9v3g1e3l1q1z5.cfm.cashman766.com/Service.htm loads Wachovia_Certificatev102.exe via page refresh VirusTotal AhnLab-V3 2008.5.30.1 2008.06.02 - AntiVir 7.8.0.26 2008.06.02 HEUR/Malware Authentium 5.1.0.4 2008.06.01 - Avast 4.8.1195.0 2008.06.02 - AVG 7.5.0.516 2008.06.02 - BitDefender 7.2 2008.06.02 Generic.Malware.dld!!.FC800E5F CAT-QuickHeal 9.50 2008.06.02 - ClamAV 0.92.1 2008.06.02 - DrWeb 4.44.0.09170 2008.06.02 Trojan.DownLoader.origin eSafe 7.0.15.0 2008.06.02 - eTrust-Vet 31.4.5842 2008.06.02 - Ewido 4.0 2008.06.02 - F-Prot 4.4.4.56 2008.06.01 - F-Secure 6.70.13260.0 2008.06.02 - Fortinet 3.14.0.0 2008.06.02 - GData 2.0.7306.1023 2008.06.02 - Ikarus T3.1.1.26.0 2008.06.02 - Kaspersky 7.0.0.125 2008.06.02 - McAfee 5308 2008.06.02 - Microsoft 1.3520 2008.06.02 - NOD32v2 3152 2008.06.02 - Norman 5.80.02 2008.06.02 - Panda 9.0.0.4 2008.06.02 - Prevx1 V2 2008.06.02 - Rising 20.47.02.00 2008.06.02 - Sophos 4.29.0 2008.06.02 Mal/Behav-112 Sunbelt 3.0.1139.1 2008.05.29 - Symantec 10 2008.06.02 - TheHacker 6.2.92.331 2008.06.02 - VBA32 3.12.6.6 2008.06.01 - VirusBuster 4.3.26:9 2008.06.02 - Webwasher-Gateway 6.6.2 2008.06.02 Heuristic.Malware Jotti A-Squared Found nothing AntiVir Found HEUR/Malware ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found Generic.Malware.dld!!.FC800E5F ClamAV Found nothing CPsecure Found nothing Dr.Web Found Trojan.DownLoader.origin F-Prot Antivirus Found nothing F-Secure Anti-Virus Found nothing Fortinet Found nothing Ikarus Found Win32.SuspectCrc Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found nothing Sophos Antivirus Found Mal/Behav-112 VirusBuster Found nothing VBA32 Found nothing

tetak

MIRT Team Lead
Premium Member

Joined: Jan 19, 2007
Posts: 5805

Posted: Mon Jun 02, 2008 8:07 pm Post subject:

The file appears to download another file from

Code:

http://124.217.248.143/cb_1.exe

I'll add both files to the malware listserv.

_________________
Got Windows XP? Help protect your PC from malware with Microsofts anti-spyware program Windows Defender.

Download it for free from http://www.microsoft.com/athome/security/spyware/software/default.mspx

	All -> FavForums -> Unknown Files	All times are GMT
Page 1 of 1

You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You cannot download files in this forum


	2002-2008 � Computer Cops LLC dba CastleCops®. All rights reserved. Acceptable Use Policy. Use signifies your agreement. 154ppm 0.255s (0.053s) Making cybercriminals unhappy since 2002*