antivirus - Christmas EMAIL VIRUS! (be careful)

Discussion in 'malware problems & news' started by C.S.J, Dec 26, 2006.

Thread Status:
Not open for further replies.
  1. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Be careful everyone, it's circling around, here is the email I received.

    link to article---> http://info.drweb.com/show/2992/en
     
    Last edited by a moderator: Dec 26, 2006
  2. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    Yep, new variant of Stration, I had the same email yesterday - even some of the big AVs didn't detect this yesterday morning (a couple of the big ones still don't detect it now :eek: )
     
  3. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    From the link you provided:

    Win32.HLLM.Limar

    (Backdoor.Win32.Agent.agk, Generic2.AL, I-Worm/Generic.NK, Possibly a new variant of W32/Threat-HLLIM-based!Maximus, TROJ_AGENT.DLI, Trojan-Downloader.Win32.Agent.atq, Trojan-Downloader.Win32.Agent.aus, Trojan.Agent.TC, Trojan.Downloader.Strationee.B, Trojan.Downloader.VR, Trojan.Win32.Agent.wc, W32/Opnis.P, W32/Stration@MM, WORM_STRATION.AP, WORM_STRATION.F, Win32.HLLW.Stration.A, Win32/Chepch.A!Worm, Win32/Mydoom.BR, Win32/Stration.6wm!Worm, Win32/Stration.D, Win32/Stration.E, Win32/Stration.H)

    Also heuristically detected by F-Prot :D
     
  4. Big Apple

    Big Apple Frequent Poster

    Joined:
    Aug 22, 2006
    Posts:
    724
    I have been using Mailmoa (www.Moazon.com) for years already; it is a mail reader, and I delete everything suspicious at the server, before it reaches my mailbox.
     
  5. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    Mine was also detected heuristically/generically by F-prot (W32/Warezov.gen4) :)
     
  6. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    I did a search and some of the big companies didn't detect it heuristically, and got infected.

    It mentions that the original one releases a few other viruses... which Dr.Web still detected heuristically,

    yayyy for Dr.Web, although I wasn't too worried about its heuristic detection.

    And I think it's nice of them to inform me like that on 26th Dec, can't even get a bus today to go to the football match, another season ticket game down the drain because of the buses. aghhhh
     
  7. smallav

    smallav Registered Member

    Joined:
    Jun 2, 2006
    Posts:
    17
    Fprot:
    W32/Warezov.gen3!W32DL (exact)
    :)
     
  8. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Perhaps it's just me but I haven't received a mail virus in more than three years :eek:
    Is there any updated statistic about infection vectors? IMHO, web browsing accounts for 90 % of all malware.
    Maybe it's different in corporate networks.
     
  9. btman

    btman Registered Member

    Joined:
    Feb 11, 2006
    Posts:
    576
    I haven't either, lucas, 'cept for me it's never... Could someone upload it on VirusTotal so we can see what detects it and what doesn't?
     
  10. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    I don't know if this was the file, but anyway.

    ~removed un-necessary scan results....Bubba~

    Aditional Information
    File size: 2615016 bytes
    MD5: 1d92b30c98f56d1b966f162a6b7b7da5
    SHA1: 397198ae65b0381f34ea1e7d24245e52a0dea11f
    packers: BINARYRES
    packers: CAB

    Best regards,
    Firefighter!
     
    Last edited by a moderator: Dec 27, 2006
  11. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Complete scanning result of "postcard.exe", received in VirusTotal at 12.27.2006, 14:25:18 (CET).

    ~removed un-necessary scan results....Bubba~

    ;)
     
    Last edited by a moderator: Dec 27, 2006
  12. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Posts that show a screen shot or text results of a specific detection made by one or more anti-virus products and show others missing the sample are not of any real value. Files can be found that any AV will get a hit on and others will miss. As such....numerous posts were edited to remove the scan results un-necessary to the discussion.

    Bubba
     
  13. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    I apologize :)
     
  14. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Hi Bubba,

    I have to say I find the policy of not posting a screen shot of Virus Total or Jotti scanner of a new worm/virus a little strange.

    I appreciate that there are variables, as it may be submitted in a RAR file which some scanners will miss, and maybe some scanners will not have full heuristics enabled (or maybe differences with Windows and Linux scanners), but it does give an idea of how good the heuristics are in scanners such as Dr Web, Antivir, Bitdefender, Nod32, Fprot, VBA and others.

    This forum is for people interested in antivirus software, security etc. and the fact that companies like McAfee and CA Antivirus take a long time to add defs should not be hidden.

    When we had Bagle worm outbreaks there were a lot of posts showing who detected first with heuristics.

    I think this is a shame that this has been banned.

    Kind Regards

    Jlo
     
  15. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Important clarification....Wilders has not "banned" all posting of "Virus Total or Jotti scanner" results. Have a look at this post and if anyone has further off topic comments concerning this matter....Please PM my person or another Team member for further clarification if need be.

    sorry for OT post....back to the thread topic discussion,
    Bubba
     
  16. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Ok thanks Bubba.

    Kind Regards

    Jlo
     
  17. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Off Topic post removed and as requested...."Please PM my person or another Team member for further clarification if need be."

    Edit

    As stated above....Please PM my person or another Team member for further clarification if need be.
    Post removed and any further ones will be removed without further comment.
     
    Last edited: Dec 27, 2006