A311 Trojan

Discussion in 'NOD32 version 2 Forum' started by Albinoni, Aug 3, 2006.

Thread Status:
Not open for further replies.
  1. Albinoni

    Albinoni Registered Member

    Feb 17, 2005
    Perth, Western Australia
    First off I hope that I got the name correct. Was listening to the radio today here in Perth, Western Australia and apparently theres been a new Phishing Trojan thats been released from Russia in which I think is called the A311. I'm certain the name was A311 or thereabouts.

    Just like to know if NOD32 detects this Trojan.
  2. Blackspear

    Blackspear Global Moderator

    Dec 2, 2002
    Gold Coast, Queensland, Australia
    Probably one of these 2 names found up at VGrep.

    ALWIL [undetected]
    CA InoculateIT Win32/Haxdoor.103.A!Backdoor!Ser
    CA VET Win32/Haxdoor.B
    Doctor Web BackDoor.Prodex
    ESET Win32/Haxdoor.G
    Fortinet [maybe] NEW_VIRUS
    Frisk Software security risk named W32/Haxdoor.BW@bd
    GRISoft BackDoor.Haxdoor.2.AG
    H+BEDV BDS/Haxdoor.G.11
    IKARUS [undetected]
    Kaspersky Lab Backdoor.Win32.Haxdoor.g
    McAfee BackDoor-BAC.gen
    Microsoft [undetected]
    Norman W32/Neodurk.BK
    Panda Bck/Haxdoor.AA
    SOFTWIN Backdoor.Haxdoor.G
    Sophos Troj/Haxdoor-R
    Symantec Backdoor.Haxdoor
    Trend Micro TSPY_A311.103
    VirusBuster [undetected]

    ALWIL Win32:SpyBot-A311 [Trj]
    CA InoculateIT Win32/Rbot.WR!Worm
    CA VET Win32/Rbot.WR
    Doctor Web Win32.HLLW.MyBot.based
    ESET Win32/Rbot.AAF
    Fortinet W32/RBot.C9CE!worm
    Frisk Software security risk named W32/Spybot.BTD
    GRISoft IRC/BackDoor.SdBot.51.W
    H+BEDV Worm/Rbot.DQ.3
    IKARUS [undetected]
    Kaspersky Lab Backdoor.Win32.Rbot.gen
    McAfee W32/Sdbot.worm.gen
    Microsoft Backdoor:Win32/Rbot!BF35
    Norman W32/Spybot.GHH
    Panda W32/Gaobot.AFB.worm
    SOFTWIN Backdoor.RBot.97000EAF
    Sophos W32/Rbot-Fam
    Symantec W32.Spybot.Worm
    Trend Micro WORM_SDBOT.OK
    VirusBuster [undetected]

    Cheers :D
  3. pykko

    pykko Registered Member

    Apr 27, 2005
    Romania...and walking to heaven
    Perhaps this is the on you're talknig about. ;) Anyway Win32/Rbot.AAF seems very old...from 2004
  4. Suggers

    Suggers Guest

    If you are referring to the "A113 Death" trojan that targeted Australian National bank customers; see link below: http://www.ausnog.net/pipermail/ausnog/2006-June/000115.html

    Then yes, it appears that Nod32's heuristics got this one. :thumb:

    For the main executable and this seems to detect as (according to

    AntiVir 06.14.2006 no virus found
    Authentium 4.93.8 06.15.2006 no virus found
    Avast 4.7.844.0 06.13.2006 no virus found
    AVG 386 06.14.2006 no virus found
    BitDefender 7.2 06.15.2006 no virus found
    CAT-QuickHeal 8.00 06.14.2006 (Suspicious) - DNAScan
    ClamAV devel-20060426 06.14.2006 no virus found
    DrWeb 4.33 06.14.2006 BackDoor.Haxdoor.294
    eTrust-InoculateIT 23.72.38 06.15.2006 no virus found
    eTrust-Vet 12.6.2256 06.14.2006 Win32/Haxdoor!generic
    Ewido 3.5 06.14.2006 no virus found
    Fortinet 06.15.2006 suspicious
    F-Prot 3.16f 06.13.2006 no virus found
    Ikarus 06.14.2006 no virus found
    Kaspersky 06.15.2006 no virus found
    McAfee 4784 06.14.2006 no virus found
    Microsoft 1.1441 06.15.2006 no virus found
    NOD32v2 1.1599 06.14.2006 a variant of Win32/Haxdoor
    Norman 5.90.21 06.14.2006 no virus found
    Panda 06.14.2006 Suspicious file
    Sophos 4.06.0 06.14.2006 no virus found
    Symantec 8.0 06.15.2006 no virus found
    TheHacker 06.14.2006 no virus found
    UNA 1.83 06.14.2006 no virus found
    VBA32 3.11.0 06.14.2006 suspected of Trojan-Downloader.Agent.83
    VirusBuster 4.3.7:9 06.14.2006 no virus found
  5. Brian N

    Brian N Registered Member

    Jul 7, 2005
    Haxdoor.G is detected in 1.522 (back in 2003).
    Win32/Rbot.AAF is detected in 1.865 (back in 2004).

    Lot's of Haxdoor variants in 2006 though
Thread Status:
Not open for further replies.