antivirus - christmas EMAIL VIRUS! (be carefull)

Discussion in 'malware problems & news' started by C.S.J, Dec 26, 2006.

Thread Status:
Not open for further replies.
  1. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    be carefull everyone, its circling around, here is the email i recieved.

    link to article---> http://info.drweb.com/show/2992/en
     
    Last edited by a moderator: Dec 26, 2006
  2. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    Yep new variant of Stration, I had the same email yesterday - even some of the big AV's didn't detect this yesterday morning (a couple of the big ones still don't detect it now :eek: )
     
  3. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    From the link you provided:

    Win32.HLLM.Limar

    (Backdoor.Win32.Agent.agk, Generic2.AL, I-Worm/Generic.NK, Possibly a new variant of W32/Threat-HLLIM-based!Maximus, TROJ_AGENT.DLI, Trojan-Downloader.Win32.Agent.atq, Trojan-Downloader.Win32.Agent.aus, Trojan.Agent.TC, Trojan.Downloader.Strationee.B, Trojan.Downloader.VR, Trojan.Win32.Agent.wc, W32/Opnis.P, W32/Stration@MM, WORM_STRATION.AP, WORM_STRATION.F, Win32.HLLW.Stration.A, Win32/Chepch.A!Worm, Win32/Mydoom.BR, Win32/Stration.6wm!Worm, Win32/Stration.D, Win32/Stration.E, Win32/Stration.H)

    Also heuristically detected by F-Prot :D
     
  4. Big Apple

    Big Apple Frequent Poster

    Joined:
    Aug 22, 2006
    Posts:
    724
    Using Mailmoa (www.Moazon.com) for years already, is mailreader and I delete everything suspicious at the server, before reaching my mailbox.
     
  5. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    Mine was also detected heuristically/generically by F-prot (W32/Warezov.gen4) :)
     
  6. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    i did a search and some of the big companys didnt detect it heuristically, and got infected.

    it mentions that the original one, releases a few other viruses... which dr.web still detected heuristically,

    yayyy for dr.web, although i wasnt too worried about its heuristic detection.

    and i think its nice of them to inform me like that on 26th dec, cant even get a bus today to go to the football match, another season ticket game down the drane because of the buses. aghhhh
     
  7. smallav

    smallav Registered Member

    Joined:
    Jun 2, 2006
    Posts:
    17
    Fprot:
    W32/Warezov.gen3!W32DL (exact)
    :)
     
  8. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Perhaps it´s just me but I haven´t received a mail virus in more than three years :eek:
    Is there any updated statistic about infection vectors? IMHO, web browsing accounts for 90 % of all malware.
    Maybe it´s different in corporate networks.
     
  9. btman

    btman Registered Member

    Joined:
    Feb 11, 2006
    Posts:
    576
    I haven't either lucas, cept for me it's never... could someone upload it on virustotal and so we can see what detects it and what doesn't.
     
  10. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    I don't know if this was the file, but anyway.

    ~removed un-necessary scan results....Bubba~

    Aditional Information
    File size: 2615016 bytes
    MD5: 1d92b30c98f56d1b966f162a6b7b7da5
    SHA1: 397198ae65b0381f34ea1e7d24245e52a0dea11f
    packers: BINARYRES
    packers: CAB

    Best regards,
    Firefighter!
     
    Last edited by a moderator: Dec 27, 2006
  11. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Complete scanning result of "postcard.exe", received in VirusTotal at 12.27.2006, 14:25:18 (CET).

    ~removed un-necessary scan results....Bubba~

    ;)
     
    Last edited by a moderator: Dec 27, 2006
  12. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Posts that show a screen shot or text results of a specific detection made by one or more anti-virus products and show others missing the sample are not of any real value. Files can be found that any AV will get a hit on and others will miss. As such....numerous posts were edited to remove the scan results un-necessary to the discussion.

    Bubba
     
  13. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    I apologize :)
     
  14. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Hi Bubba,

    I have to find the policy of not posting a screen shot of Virus Totol or Jotti scanner of a new worm/virus is a little strange.

    I appreciate that there are variables as it may be submitted in a RAR file which some scanners will miss and maybe some scanners will not have full heuristics enabled (or maybe differences with windows and Linx scanners) but it does give a idea of how good the heuristics are in scanners such as Dr Web, Antivir, Bitdefender, Nod32, Fprot, VBA and others.

    This forum is for people interested in antivirus softward, security etc and the fact that companies like Mcafee and CA Antivirus take a long time to add defs should not be hidden.

    When we had Bagle worm outbreaks there were a lot of posts showing who detected first with heuristics.

    I think this is a shame that this has been banned.

    Kind Regards

    Jlo
     
  15. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Important clarification....Wilders has not "banned" all posting of "Virus Totol or Jotti scanner" results. Have a look at this post and if anyone has further off topic comments concerning this matter....Please PM my person or another Team member for further clarification if need be.

    sorry for OT post....back to the thread topic discussion,
    Bubba
     
  16. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Ok thanks Bubba.

    Kind Regards

    Jlo
     
  17. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Off Topic post removed and as requested...."Please PM my person or another Team member for further clarification if need be."

    Edit

    As stated above....Please PM my person or another Team member for further clarification if need be.
    Post removed and any further ones will be removed without further comment.
     
    Last edited: Dec 27, 2006
Loading...
Thread Status:
Not open for further replies.