Sanesecurity ClamAV blog: zero hour malware, phishing and scams

Thursday, 26 August 2010

New FedEx malware run... Zbot

Been a while since I've posted to here, so thought it was about time...

A new malware run *just* came in... with a nice jpg and a not-so-nice exe in a zip file...

Submitted the exe to VirusTotal and the detection, isn't great...

Already being detected as: Sanesecurity.Malware.14529.UNOFFICIAL

Cheers,

Steve
Sanesecurity

Tuesday, 27 October 2009

Fake Facebook Password Reset Confirmation

Hi,

Has loads of these hit the inbox this morning....

Virus Total:

Antivirus	Version	Last Update	Result
a-squared	4.5.0.41	2009.10.27	-
AhnLab-V3	5.0.0.2	2009.10.26	-
AntiVir	7.9.1.44	2009.10.26	-
Antiy-AVL	2.0.3.7	2009.10.26	-
Authentium	5.1.2.4	2009.10.27	W32/Bredolab!Generic
Avast	4.8.1351.0	2009.10.26	-
AVG	8.5.0.423	2009.10.26	Win32/Heur
BitDefender	7.2	2009.10.27	Trojan.Downloader.Bredolab.AZ
CAT-QuickHeal	10.00	2009.10.27	-
ClamAV	0.94.1	2009.10.27	-
Comodo	2744	2009.10.27	Heur.Packed.Unknown
DrWeb	5.0.0.12182	2009.10.27	-
eSafe	7.0.17.0	2009.10.25	Suspicious File
eTrust-Vet	35.1.7084	2009.10.26	-
F-Prot	4.5.1.85	2009.10.26	-
F-Secure	9.0.15370.0	2009.10.22	Trojan.Downloader.Bredolab.AZ
Fortinet	3.120.0.0	2009.10.26	-
GData	19	2009.10.27	Trojan.Downloader.Bredolab.AZ
Ikarus	T3.1.1.72.0	2009.10.27	-
Jiangmin	11.0.800	2009.10.26	-
K7AntiVirus	7.10.879	2009.10.24	-
Kaspersky	7.0.0.125	2009.10.27	Packed.Win32.Krap.w
McAfee	5783	2009.10.26	Bredolab.gen.a
McAfee+Artemis	5783	2009.10.26	Bredolab.gen.a
McAfee-GW-Edition	6.8.5	2009.10.27	-
Microsoft	1.5202	2009.10.27	TrojanDownloader:Win32/Bredolab.X
NOD32	4545	2009.10.26	-
Norman	6.03.02	2009.10.26	W32/Obfuscated.D2!genr
nProtect	2009.1.8.0	2009.10.26	-
Panda	10.0.2.2	2009.10.26	-
PCTools	4.4.2.0	2009.10.19	-
Prevx	3.0	2009.10.27	-
Rising	21.53.10.00	2009.10.27	-
Sophos	4.46.0	2009.10.27	Mal/Bredo-A
Sunbelt	3.2.1858.2	2009.10.26	Trojan.Win32.Bredolab.Gen.1 (v)
Symantec	1.4.4.12	2009.10.27	-
TheHacker	6.5.0.2.054	2009.10.26	-
TrendMicro	8.950.0.1094	2009.10.27	TROJ_BREDLAB.SMF
VBA32	3.12.10.11	2009.10.26	-
ViRobot	2009.10.27.2006	2009.10.27	-
VirusBuster	4.6.5.0	2009.10.26	-

Detected as:

Sanesecurity.Malware.12841
Sanesecurity.Malware.12842

Wednesday, 26 August 2009

Spammer Fail

A nice big...

to the spammer that sent this...

Firefox says....

I think they meant http:// not htt://

:)

Friday, 26 June 2009

michael jackson virus already :(

Well, it didn't take long for the "them" to abuse the situation did it? :(

News item, with a picture and "video" to download:

Here's the Anubis report on the "video"

Being detected as : Sanesecurity.Malware.11747.UNOFFICIAL

Update: Other article with translation here

Cheers,

Steve
Sanesecurity

Monday, 16 March 2009

Fake News/Flash Player

Interesting email came in just:

I worry about you httx: // ho.bestbreakingfree.com/news.php

Here's the "news page" that you are taken too....

Downloading the fake Player and running it through VirusTotal gives you this:

VirusTotal

As you can see the 0-hour detection rates aren't that good (3/39 scanners) :(

I'm sure we'll see more of this.