A311 Trojan

First off I hope that I got the name correct. Was listening to the radio today here in Perth, Western Australia and apparently theres been a new Phishing Trojan thats been released from Russia in which I think is called the A311. I'm certain the name was A311 or thereabouts.

Just like to know if NOD32 detects this Trojan.

 

Probably one of these 2 names found up at VGrep.

ALWIL [undetected]
CA InoculateIT Win32/Haxdoor.103.A!Backdoor!Ser
CA VET Win32/Haxdoor.B
Doctor Web BackDoor.Prodex
ESET Win32/Haxdoor.G
Fortinet [maybe] NEW_VIRUS
Frisk Software security risk named W32/Haxdoor.BW@bd
GRISoft BackDoor.Haxdoor.2.AG
H+BEDV BDS/Haxdoor.G.11
IKARUS [undetected]
Kaspersky Lab Backdoor.Win32.Haxdoor.g
McAfee BackDoor-BAC.gen
Microsoft [undetected]
Norman W32/Neodurk.BK
Panda Bck/Haxdoor.AA
SOFTWIN Backdoor.Haxdoor.G
Sophos Troj/Haxdoor-R
Symantec Backdoor.Haxdoor
Trend Micro TSPY_A311.103
VirusBuster [undetected]




ALWIL Win32:SpyBot-A311 [Trj]
CA InoculateIT Win32/Rbot.WR!Worm
CA VET Win32/Rbot.WR
Doctor Web Win32.HLLW.MyBot.based
ESET Win32/Rbot.AAF
Fortinet W32/RBot.C9CE!worm
Frisk Software security risk named W32/Spybot.BTD
GRISoft IRC/BackDoor.SdBot.51.W
H+BEDV Worm/Rbot.DQ.3
IKARUS [undetected]
Kaspersky Lab Backdoor.Win32.Rbot.gen
McAfee W32/Sdbot.worm.gen
Microsoft Backdoor:Win32/Rbot!BF35
Norman W32/Spybot.GHH
Panda W32/Gaobot.AFB.worm
SOFTWIN Backdoor.RBot.97000EAF
Sophos W32/Rbot-Fam
Symantec W32.Spybot.Worm
Trend Micro WORM_SDBOT.OK
VirusBuster [undetected]

Cheers

 

Perhaps this is the on you're talknig about. Anyway Win32/Rbot.AAF seems very old...from 2004

 

If you are referring to the "A113 Death" trojan that targeted Australian National bank customers; see link below: http://www.ausnog.net/pipermail/ausnog/2006-June/000115.html

Then yes, it appears that Nod32's heuristics got this one.

For the main executable and this seems to detect as (according to
virustotal):

AntiVir 6.35.0.13 06.14.2006 no virus found
Authentium 4.93.8 06.15.2006 no virus found
Avast 4.7.844.0 06.13.2006 no virus found
AVG 386 06.14.2006 no virus found
BitDefender 7.2 06.15.2006 no virus found
CAT-QuickHeal 8.00 06.14.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 06.14.2006 no virus found
DrWeb 4.33 06.14.2006 BackDoor.Haxdoor.294
eTrust-InoculateIT 23.72.38 06.15.2006 no virus found
eTrust-Vet 12.6.2256 06.14.2006 Win32/Haxdoor!generic
Ewido 3.5 06.14.2006 no virus found
Fortinet 2.77.0.0 06.15.2006 suspicious
F-Prot 3.16f 06.13.2006 no virus found
Ikarus 0.2.65.0 06.14.2006 no virus found
Kaspersky 4.0.2.24 06.15.2006 no virus found
McAfee 4784 06.14.2006 no virus found
Microsoft 1.1441 06.15.2006 no virus found
NOD32v2 1.1599 06.14.2006 a variant of Win32/Haxdoor
Norman 5.90.21 06.14.2006 no virus found
Panda 9.0.0.4 06.14.2006 Suspicious file
Sophos 4.06.0 06.14.2006 no virus found
Symantec 8.0 06.15.2006 no virus found
TheHacker 5.9.8.159 06.14.2006 no virus found
UNA 1.83 06.14.2006 no virus found
VBA32 3.11.0 06.14.2006 suspected of Trojan-Downloader.Agent.83
VirusBuster 4.3.7:9 06.14.2006 no virus found

 

Haxdoor.G is detected in 1.522 (back in 2003).
Win32/Rbot.AAF is detected in 1.865 (back in 2004).

Lot's of Haxdoor variants in 2006 though