Vundo in new crypt


vrshntr
December 20th, 2008, 01:00 PM
Hello!

I found Vundo.trojan with a new kind of crypt/loader code;
the current Nod32 does not detect it as malware.
I also submitted it directly to Nod32, but there is no detection update yet,
while at "VirusTotal" there are detections by other AVs.

New Year holiday vacations??

I attached the malware files, zipped and then Base64 encoded.

LowWaterMark: malware attachments removed in keeping with forum TOS (http://www.wilderssecurity.com/tos.php). Don't upload or link to malware files.

vrshntr
December 20th, 2008, 01:37 PM
OK, attachments are removed.
Well, let's try this:

~ links removed ~

LowWaterMark
December 20th, 2008, 01:45 PM
I've removed those links, too.

We don't upload or link to malware here in the public forums, that includes malware search/sharing sites.

Don't worry, Eset can access these samples if they need to.

Don johnson
December 20th, 2008, 01:57 PM
You can send the virus sample to samples@eset.sk with "Virtumonde"in the subject.

vrshntr
December 20th, 2008, 03:54 PM
Just want to say:
I failed to send them via Gmail. It is not so easy to send trojans via mail.
OK!?
BYE!

PaulB2005
December 20th, 2008, 04:14 PM
Just zip the files up in a zip file and password protect the file with the password "infected". Then you should be able to send it...

Kayracc
December 22nd, 2008, 06:54 AM
{QUOTE-> Just zip the files up in a zip file and password protect the file with the password "infected". Then you should be able to send it... <-QUOTE}


This won't work.

You either need to rename the file extension from .exe to something else, like .txt, or use a program that can encrypt file names, such as WinRAR or 7-Zip.

Gmail blocks .exes as attachments, so if it can see it is an .exe, it blocks it.

PaulB2005
December 22nd, 2008, 07:08 AM
{QUOTE-> gmail blocks .exes as attachments, so if it can see it is .exe, it blocks it <-QUOTE}

Yes it will work.

A ZIP file is a ZIP file - not an EXE file, even if it contains an EXE file. Plus, password protecting the ZIP file encrypts the contents, so Gmail wouldn't know whether the contents are an EXE, DOC, JPG or TXT file.

That's the whole point of zipping the file and password protecting it.

How else do you think people send samples in? Have a read through a few posts and you'll see this is the way Eset themselves ask you to send the file in.

CivilTaz
December 22nd, 2008, 02:33 PM
{QUOTE-> Yes it will work. <-QUOTE}

Are you sure? Why don't you try it before you post something. You can't send executable files in Gmail when they are inside a ZIP file, even if the file is encrypted with a password. I don't know why, but the fact is that you can't. Anyway, you can send them in RAR files.

PaulB2005
December 22nd, 2008, 05:49 PM
No. You're right.

http://mail.google.com/support/bin/answer.py?answer=6590&topic=12842

{QUOTE-> As a security measure to prevent potential viruses, Gmail doesn't allow you to send or receive executable files (such as files ending in .exe) that could contain damaging executable code.
Gmail won't accept these types of files even if they are sent in a zipped (.zip, .tar, .tgz, .taz, .z, .gz) format. If this type of message is sent to your Gmail address, it is bounced back to the sender automatically. <-QUOTE}

Even if they are encrypted??

Ah, found the answer to that one then....

{QUOTE-> Pass-Protection won't work either since GMail can examine exe filenames even in password protected zipped files as the archived filename listings are not encrypted by the Zip program. <-QUOTE}


So why is RAR considered OK then?

I'm sure I used to get .exe file viruses from Gmail accounts in the past, but perhaps that was before this scanner was put in place.

Sorry and apols all round....
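The reason the quoted Gmail help text gives (the archived file name listing is not encrypted by the ZIP program) can be checked directly on the container format. The following is an added example, not code from this thread, from Gmail or from ESET: it builds a tiny two-entry ZIP archive in memory with the classic PKWARE "encrypted" flag set on each entry, then lists the member names the way a mail gateway would, without any password. The file names, payload bytes and the blocked-suffix list are constructed here for illustration only; the suffix list is an assumption, not Gmail's actual rule set.

```python
"""Why a password-protected ZIP still shows its file names to a mail gateway.

Classic ZIP (PKWARE) encryption scrambles only each entry's data.  The local
headers and the central directory, including every file name, size and the
"encrypted" flag itself, stay in the clear, so a filter that just walks the
directory can see "sample.exe" without knowing the password.
"""
import io
import struct
import zipfile
import zlib

ENCRYPTED_FLAG = 0x0001  # general-purpose flag bit 0: entry data is encrypted

# Constructed stand-ins for an analyst's submission; no real malware here.
SAMPLE_ENTRIES = [
    ("readme.txt", b"notes for the analyst\n"),
    ("sample.exe", b"MZ" + b"\x90" * 30),
]


def build_encrypted_zip(entries):
    """Return ZIP bytes with each (name, data) stored as an 'encrypted' entry.

    Only the flag and the 12-byte encryption header are emulated; the data is
    written unchanged, so the archive is not actually decryptable.  That is
    enough to show which parts of the container a password does not cover.
    """
    body, central = io.BytesIO(), io.BytesIO()
    for name, data in entries:
        name_b = name.encode("ascii")
        crc = zlib.crc32(data) & 0xFFFFFFFF
        payload = b"\x00" * 12 + data        # pseudo encryption header + data
        offset = body.tell()
        # Local file header: signature, version needed, flags, method (0 =
        # stored), mod time, mod date, crc32, compressed size, uncompressed
        # size, name length, extra length.  Every field is plaintext.
        body.write(struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, ENCRYPTED_FLAG,
                               0, 0, 0, crc, len(payload), len(data),
                               len(name_b), 0))
        body.write(name_b)
        body.write(payload)
        # Central directory entry: the same fields plus comment length, disk
        # number, internal/external attributes and the local header offset.
        # The name is written here in the clear as well.
        central.write(struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20,
                                  ENCRYPTED_FLAG, 0, 0, 0, crc, len(payload),
                                  len(data), len(name_b), 0, 0, 0, 0, 0, offset))
        central.write(name_b)
    cd_offset = body.tell()
    cd_bytes = central.getvalue()
    body.write(cd_bytes)
    # End-of-central-directory record pointing at the directory above.
    body.write(struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, len(entries),
                           len(entries), len(cd_bytes), cd_offset, 0))
    return body.getvalue()


def list_members(zip_bytes):
    """Read (name, encrypted?) for every entry straight from the central directory.

    No password is supplied: the names are readable because the ZIP format
    never encrypts the directory, only entry data.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [(info.filename, bool(info.flag_bits & ENCRYPTED_FLAG))
                for info in zf.infolist()]


def blocked_members(zip_bytes, blocked_suffixes=(".exe", ".dll", ".scr")):
    """Emulate a gateway rule that rejects an archive by member name alone.

    The suffix list is an illustrative assumption, not Gmail's real rule set.
    """
    return [name for name, _ in list_members(zip_bytes)
            if name.lower().endswith(blocked_suffixes)]


def content_readable(zip_bytes, member):
    """True if the member's data can be read without a password."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        try:
            zf.read(member)
            return True
        except RuntimeError:          # "password required for extraction"
            return False


if __name__ == "__main__":
    archive = build_encrypted_zip(SAMPLE_ENTRIES)
    for name, enc in list_members(archive):
        print(f"{name:12s} encrypted={enc}")
    print("gateway would block:", blocked_members(archive))
    print("data readable without password:",
          content_readable(archive, "sample.exe"))
```

The data itself stays unreadable without the password, but the directory is enough for a name-based filter. This is the difference from the RAR and 7z "encrypt file names" (header encryption) option mentioned in the replies that follow: those formats encrypt the name listing too, so a gateway sees only opaque bytes.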

jmc777
December 23rd, 2008, 12:58 AM
{QUOTE->

So why is RAR considered OK then? <-QUOTE}


It has an 'Encrypt file names' option.

PaulB2005
December 23rd, 2008, 03:14 AM
{QUOTE-> It has an 'Encrypt file names' option. <-QUOTE}

Ah, right. Thanks.

Kayracc
December 23rd, 2008, 07:41 AM
{QUOTE-> Ah, right. Thanks. <-QUOTE}


7zip also works with .7z format :)

YeOldeStonecat
December 23rd, 2008, 07:59 AM
The writers of the ZLob trojan sometimes release several to half a dozen new variants per day!

Cleaning systems hit with this requires a shotgun approach of several good tools. I've been using NOD32 and AntiVir as the antivirus products I use in cleaning, combined with other malware removal tools such as MalwareBytes, SuperAntispyware, and Spybot.

Also, I've been replacing traditional NAT routers at my clients with UTM appliances; the one I've been building and deploying is Untangle. It has a strong spyware blocker, as well as additional antivirus scanning, which I've noticed has really helped PCs behind it stay more problem-free.

For business networks, IMO, traditional NAT routers are not enough anymore, UTM appliances seem to help with that additional layer of protection for the network.

vrshntr
December 28th, 2008, 10:37 AM
OK, detection is now DONE!