Notes from checking, on VirusTotal, the e-mail attachments that Virus Buster 2007 let through. The results are as of the time of each check. (Note: not checked against Norton, sorry.)
- Checked: 1/20 21:40
- File name: Full Clip.exe
- Awaiting a signature. [Addendum] Covered on 1/22: TROJ_SMALL.EDW - Overview
- [Addendum] Had Symantec already covered it on 1/20? Trojan.Peacomm - Symantec.com
- Downloader-BAI!M711 (McAfee)

| Engine | Version | Signature date | Result |
| --- | --- | --- | --- |
| AntiVir | 7.3.0.26 | 01.20.2007 | TR/Drop.Small.DBY |
| Authentium | 4.93.8 | 01.20.2007 | W32/Downloader.AYEN |
| Avast | 4.7.936.0 | 01.18.2007 | no virus found |
| AVG | 386 | 01.20.2007 | Downloader.Agent.ICB |
| BitDefender | 7.2 | 01.20.2007 | Trojan.Peed.A |
| CAT-QuickHeal | 9.00 | 01.20.2007 | no virus found |
| ClamAV | devel-20060426 | 01.20.2007 | Trojan.Downloader-648 |
| DrWeb | 4.33 | 01.20.2007 | BackDoor.Groan |
| eSafe | 7.0.14.0 | 01.20.2007 | suspicious Trojan/Worm |
| eTrust-InoculateIT | 23.73.118 | 01.20.2007 | no virus found |
| eTrust-Vet | 30.3.3336 | 01.19.2007 | no virus found |
| Ewido | 4.0 | 01.19.2007 | no virus found |
| Fortinet | 2.82.0.0 | 01.20.2007 | W32/BAI!tr.dldr |
| F-Prot | 3.16f | 01.20.2007 | security risk named W32/Downloader.AYEN |
| F-Prot4 | 4.2.1.29 | 01.19.2007 | no virus found |
| Ikarus | T3.1.0.27 | 01.09.2007 | no virus found |
| Kaspersky | 4.0.2.24 | 01.20.2007 | Trojan-Downloader.Win32.Agent.bet |
| McAfee | 4943 | 01.19.2007 | no virus found |
| Microsoft | 1.1904 | 01.20.2007 | Win32/Nuwar.N!sys |
| NOD32v2 | 1992 | 01.20.2007 | Win32/Fuclip.B |
| Norman | 5.80.02 | 01.19.2007 | no virus found |
| Panda | 9.0.0.4 | 01.20.2007 | Generic Trojan |
| Prevx1 | V2 | 01.20.2007 | Trojan.ADIRSS |
| Sophos | 4.13.0 | 01.20.2007 | Troj/Dorf-Fam |
| Sunbelt | 2.2.907.0 | 01.12.2007 | no virus found |
| TheHacker | 6.0.3.151 | 01.19.2007 | no virus found |
| UNA | 1.83 | 01.19.2007 | no virus found |
| VBA32 | 3.11.2 | 01.19.2007 | no virus found |
| VirusBuster | 4.3.19:9 | 01.20.2007 | Trojan.DR.Tibs.Gen.15 |

Additional information:
- File size: 25332 bytes
- MD5: 27b495e15f124b0b628f2ab6eeafb681
- SHA1: 4228c0d2d8579bb4910dd98899703ef08f4d4c75
- packers: UPX
- Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=2fb971751263
- Checked: 1/20 12:10
- File name: Read More.exe
- Awaiting a signature. [Addendum] Covered on 1/22: TROJ_SMALL.EDW - Overview
- [Addendum] Had Symantec already covered it on 1/20? Trojan.Peacomm - Symantec.com
- Downloader-BAI!M711 (McAfee)

| Engine | Version | Signature date | Result |
| --- | --- | --- | --- |
| AntiVir | 7.3.0.26 | 01.20.2007 | TR/Drop.Small.DBY |
| Authentium | 4.93.8 | 01.20.2007 | W32/Downloader.AYEN |
| Avast | 4.7.936.0 | 01.18.2007 | no virus found |
| AVG | 386 | 01.19.2007 | no virus found |
| BitDefender | 7.2 | 01.20.2007 | no virus found |
| CAT-QuickHeal | 9.00 | 01.19.2007 | no virus found |
| ClamAV | devel-20060426 | 01.19.2007 | no virus found |
| DrWeb | 4.33 | 01.20.2007 | BackDoor.Groan |
| eSafe | 7.0.14.0 | 01.20.2007 | suspicious Trojan/Worm |
| eTrust-InoculateIT | 23.73.118 | 01.20.2007 | no virus found |
| eTrust-Vet | 30.3.3336 | 01.19.2007 | no virus found |
| Ewido | 4.0 | 01.19.2007 | no virus found |
| Fortinet | 2.82.0.0 | 01.19.2007 | suspicious |
| F-Prot | 3.16f | 01.20.2007 | security risk named W32/Downloader.AYEN |
| F-Prot4 | 4.2.1.29 | 01.19.2007 | no virus found |
| Ikarus | T3.1.0.27 | 01.09.2007 | no virus found |
| Kaspersky | 4.0.2.24 | 01.20.2007 | Trojan-Downloader.Win32.Agent.bet |
| McAfee | 4943 | 01.19.2007 | no virus found |
| Microsoft | 1.1904 | 01.20.2007 | no virus found |
| NOD32v2 | 1991 | 01.19.2007 | no virus found |
| Norman | 5.80.02 | 01.19.2007 | no virus found |
| Panda | 9.0.0.4 | 01.19.2007 | Suspicious file |
| Prevx1 | V2 | 01.20.2007 | Trojan.ADIRSS |
| Sophos | 4.13.0 | 01.19.2007 | no virus found |
| Sunbelt | 2.2.907.0 | 01.12.2007 | no virus found |
| TheHacker | 6.0.3.151 | 01.19.2007 | no virus found |
| UNA | 1.83 | 01.19.2007 | no virus found |
| VBA32 | 3.11.2 | 01.19.2007 | no virus found |
| VirusBuster | 4.3.19:9 | 01.20.2007 | Trojan.DR.Tibs.Gen.15 |

Additional information:
- File size: 25332 bytes
- MD5: 3019e3274e37e33e90b7321c732f706e
- SHA1: e91188fd2249bd301aaf63e1f8e269e762bf43df
- packers: UPX
- Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=2fb971751263
- Checked: 1/19, around 12:00?
- File name: Read More.exe
- Covered on 1/20: TROJ_SMALL.EDW - Overview
- Downloader-BAI!M711 (McAfee)

| Engine | Version | Signature date | Result |
| --- | --- | --- | --- |
| AntiVir | 7.3.0.26 | 01.18.2007 | no virus found |
| Authentium | 4.93.8 | 01.19.2007 | W32/Downloader.AYDY |
| Avast | 4.7.936.0 | 01.18.2007 | no virus found |
| AVG | 386 | 01.18.2007 | no virus found |
| BitDefender | 7.2 | 01.19.2007 | MemScan:Trojan.Agent.AHS |
| CAT-QuickHeal | 9.00 | 01.17.2007 | no virus found |
| ClamAV | devel-20060426 | 01.19.2007 | Trojan.Downloader-647 |
| DrWeb | 4.33 | 01.18.2007 | no virus found |
| eSafe | 7.0.14.0 | 01.19.2007 | suspicious Trojan/Worm |
| eTrust-InoculateIT | 23.73.117 | 01.19.2007 | no virus found |
| eTrust-Vet | 30.3.3334 | 01.18.2007 | no virus found |
| Ewido | 4.0 | 01.18.2007 | no virus found |
| Fortinet | 2.82.0.0 | 01.18.2007 | no virus found |
| F-Prot | 3.16f | 01.19.2007 | security risk named W32/Downloader.AYDY |
| F-Prot4 | 4.2.1.29 | 01.19.2007 | W32/Downloader.AYDY |
| Ikarus | T3.1.0.27 | 01.09.2007 | no virus found |
| Kaspersky | 4.0.2.24 | 01.19.2007 | Trojan-Downloader.Win32.Small.dam |
| McAfee | 4942 | 01.18.2007 | no virus found |
| Microsoft | 1.1904 | 01.19.2007 | no virus found |
| NOD32v2 | 1989 | 01.19.2007 | no virus found |
| Norman | 5.80.02 | 01.18.2007 | W32/Tibs.gen12 |
| Panda | 9.0.0.4 | 01.18.2007 | no virus found |
| Prevx1 | V2 | 01.19.2007 | no virus found |
| Sophos | 4.13.0 | 01.19.2007 | Troj/DwnLdr-FYD |
| Sunbelt | 2.2.907.0 | 01.12.2007 | no virus found |
| TheHacker | 6.0.3.149 | 01.18.2007 | no virus found |
| UNA | 1.83 | 01.18.2007 | no virus found |
| VBA32 | 3.11.2 | 01.18.2007 | no virus found |
| VirusBuster | 4.3.19:9 | 01.19.2007 | Trojan.DL.Tibs.Gen!Pac13 |

Additional information:
- File size: 27941 bytes
- MD5: 794c779e6fc2572a3bd3936dbe6ffc56
- SHA1: 278c9bac3555d89aa341f9466d384e33903b4f8f
- Checked: 12/31 12:50
- File name: Greeting Card.zip
- WORM_NUWAR.BH - Overview - covered on 1/1?
- W32.Mixor.Q@mm - Symantec.com

McAfee as a rule does not update on weekends, so Saturdays and Sundays need extra care.

| Engine | Version | Signature date | Result |
| --- | --- | --- | --- |
| AntiVir | 7.3.0.21 | 12.30.2006 | TR/Dldr.Tibs.JZ |
| Authentium | 4.93.8 | 12.30.2006 | W32/Tibs.gen4 |
| Avast | 4.7.892.0 | 12.30.2006 | no virus found |
| AVG | 386 | 12.30.2006 | Downloader.Tibs |
| BitDefender | 7.2 | 12.31.2006 | Trojan.Downloader.Tibs.CT |
| CAT-QuickHeal | 8.00 | 12.30.2006 | no virus found |
| ClamAV | devel-20060426 | 12.30.2006 | Trojan.Downloader-390 |
| DrWeb | 4.33 | 12.30.2006 | Win32.Dref |
| eSafe | 7.0.14.0 | 12.30.2006 | suspicious Trojan/Worm |
| eTrust-InoculateIT | 23.73.102 | 12.30.2006 | no virus found |
| eTrust-Vet | 30.3.3289 | 12.29.2006 | Win32/Tibs!generic |
| Ewido | 4.0 | 12.30.2006 | Downloader.Tibs.jy |
| Fortinet | 2.82.0.0 | 12.30.2006 | W32/Tibs.JY!tr.dldr |
| F-Prot | 3.16f | 12.30.2006 | security risk named W32/Tibs.gen4 |
| F-Prot4 | 4.2.1.29 | 12.30.2006 | W32/Tibs.gen4 |
| Ikarus | T3.1.0.27 | 12.30.2006 | Trojan-Downloader.Win32.Tibs.jy |
| Kaspersky | 4.0.2.24 | 12.31.2006 | Trojan-Downloader.Win32.Tibs.jy |
| McAfee | 4929 | 12.29.2006 | no virus found |
| Microsoft | 1.1904 | 12.30.2006 | no virus found |
| NOD32v2 | 1949 | 12.30.2006 | Win32/Nuwar.M |
| Norman | 5.80.02 | 12.29.2006 | no virus found |
| Panda | 9.0.0.4 | 12.30.2006 | no virus found |
| Prevx1 | V2 | 12.31.2006 | Malicious |
| Sophos | 4.13.0 | 12.30.2006 | no virus found |
| Sunbelt | 2.2.907.0 | 12.18.2006 | no virus found |
| TheHacker | 6.0.3.139 | 12.29.2006 | Trojan/Downloader.Generic |
| UNA | 1.83 | 12.29.2006 | no virus found |
| VBA32 | 3.11.1 | 12.30.2006 | no virus found |
| VirusBuster | 4.3.19:9 | 12.30.2006 | Trojan.DL.Tibs.Gen!Pac10 |

Additional information:
- File size: 15925 bytes
- MD5: 105f8eb0114283a550a995e09acd3b4b
- SHA1: 1681e1323e1354e532022a16cc2c5661299a6ac1
- Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=e57566769666
- Checked: 12/29 22:00
- File name: postcard.exe
- WORM_NUWAR.AY - Overview - covered on 12/30?

Why is Avast's signature date 12/21?*1 BitDefender let this one through.

| Engine | Version | Signature date | Result |
| --- | --- | --- | --- |
| AntiVir | 7.3.0.21 | 12.29.2006 | TR/Dldr.Tibs.jy |
| Authentium | 4.93.8 | 12.29.2006 | W32/Tibs.RA |
| Avast | 4.7.892.0 | 12.21.2006 | no virus found |
| AVG | 386 | 12.29.2006 | Downloader.Generic3.EIY |
| BitDefender | 7.2 | 12.29.2006 | no virus found |
| CAT-QuickHeal | 8.00 | 12.29.2006 | TrojanDownloader.Tibs.jy |
| ClamAV | devel-20060426 | 12.29.2006 | Trojan.Downloader-388 |
| DrWeb | 4.33 | 12.29.2006 | Trojan.DownLoader.17085 |
| eSafe | 7.0.14.0 | 12.28.2006 | suspicious Trojan/Worm |
| eTrust-InoculateIT | 23.73.101 | 12.29.2006 | no virus found |
| eTrust-Vet | 30.3.3289 | 12.29.2006 | Win32/Luder.I |
| Ewido | 4.0 | 12.29.2006 | Downloader.Tibs.jy |
| Fortinet | 2.82.0.0 | 12.29.2006 | suspicious |
| F-Prot | 3.16f | 12.29.2006 | security risk named W32/Tibs.RA |
| F-Prot4 | 4.2.1.29 | 12.29.2006 | W32/Tibs.RA |
| Ikarus | T3.1.0.27 | 12.29.2006 | Trojan-Downloader.Win32.Tibs.jy |
| Kaspersky | 4.0.2.24 | 12.29.2006 | Trojan-Downloader.Win32.Tibs.jy |
| McAfee | 4928 | 12.28.2006 | no virus found |
| Microsoft | 1.1904 | 12.27.2006 | no virus found |
| NOD32v2 | 1945 | 12.29.2006 | Win32/Nuwar.M |
| Norman | 5.80.02 | 12.29.2006 | W32/Tibs.NJJ |
| Panda | 9.0.0.4 | 12.28.2006 | no virus found |
| Prevx1 | V2 | 12.29.2006 | Trojan.Downloader |
| Sophos | 4.13.0 | 12.28.2006 | no virus found |
| Sunbelt | 2.2.907.0 | 12.18.2006 | no virus found |
| TheHacker | 6.0.3.139 | 12.29.2006 | Trojan/Downloader.Generic |
| UNA | 1.83 | 12.28.2006 | no virus found |
| VBA32 | 3.11.1 | 12.28.2006 | no virus found |
| VirusBuster | 4.3.19:9 | 12.29.2006 | Trojan.Downloader!4adf |

Additional information:
- File size: 15895 bytes
- MD5: 575e6f5a5d894e5645f581400bc8caf7
- SHA1: eacc5fc4f223aa2f4cf3024ce814f5d88ce3ad21
- Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=7a8466450539
- Checked: 12/25 13:00
- File name: postcard.exe
- TROJ_STRAT.IG - Overview - was covered by around 18:00?

Kaspersky let this one through.

| Engine | Version | Signature date | Result |
| --- | --- | --- | --- |
| AntiVir | 7.3.0.21 | 12.24.2006 | TR/Dldr.Stration.Gen |
| Authentium | 4.93.8 | 12.22.2006 | W32/Warezov.gen3!W32DL |
| Avast | 4.7.892.0 | 12.21.2006 | no virus found |
| AVG | 386 | 12.24.2006 | no virus found |
| BitDefender | 7.2 | 12.25.2006 | Generic.Malware.dld!!.FDC38EE1 |
| CAT-QuickHeal | 8.00 | 12.23.2006 | no virus found |
| ClamAV | devel-20060426 | 12.24.2006 | no virus found |
| DrWeb | 4.33 | 12.24.2006 | DLOADER.Trojan |
| eSafe | 7.0.14.0 | 12.24.2006 | no virus found |
| eTrust-InoculateIT | 23.73.98 | 12.24.2006 | no virus found |
| eTrust-Vet | 30.3.3271 | 12.23.2006 | no virus found |
| Ewido | 4.0 | 12.24.2006 | no virus found |
| Fortinet | 2.82.0.0 | 12.24.2006 | no virus found |
| F-Prot | 3.16f | 12.22.2006 | W32/Warezov.gen3!W32DL |
| F-Prot4 | 4.2.1.29 | 12.22.2006 | W32/Warezov.gen3!W32DL |
| Ikarus | T3.1.0.27 | 12.24.2006 | no virus found |
| Kaspersky | 4.0.2.24 | 12.25.2006 | no virus found |
| McAfee | 4925 | 12.22.2006 | no virus found |
| Microsoft | 1.1904 | 12.24.2006 | no virus found |
| NOD32v2 | 1937 | 12.24.2006 | no virus found |
| Norman | 5.80.02 | 12.22.2006 | W32/Downloader |
| Panda | 9.0.0.4 | 12.24.2006 | Suspicious file |
| Prevx1 | V2 | 12.25.2006 | no virus found |
| Sophos | 4.12.0 | 12.24.2006 | no virus found |
| Sunbelt | 2.2.907.0 | 12.18.2006 | no virus found |
| TheHacker | 6.0.3.136 | 12.24.2006 | no virus found |
| UNA | 1.83 | 12.22.2006 | no virus found |
| VBA32 | 3.11.1 | 12.25.2006 | suspected of Win32.Trojan.Downloader (http://...) |
| VirusBuster | 4.3.19:9 | 12.23.2006 | no virus found |

Additional information:
- File size: 1401 bytes
- MD5: 8e87e3a0a92210a5aecbc8aec70a79f3
- SHA1: a08fd3506dae5ae8df4b903ef5ab3595814283bd

Norman sandbox:

    [ General information ]
    *1172220447* ***IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
    *1172220448* File length: 3588 bytes.
    [ Changes to filesystem ]
    *1172220449* Creates file C:\WINDOWS\module.exe.
    [ Network services ]
    *1172220450* Opens URL: http://<omitted>/chr/893/nt.exe.
    [ Security issues ]
    *1172220451* Starting downloaded file - potential security problem.
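The result dumps in this memo are VirusTotal's table flattened onto one line, and the notes on which engine missed a sample or is running old signatures were made by eye. As an added example that is not part of the original post, here is a small Python parser for that flattened text. It takes a shortened copy of the 12/25 postcard.exe record above as constructed sample input (seven of the 29 engines plus the file-size/hash trailer), classifies each engine's verdict, lists the misses, and flags engines whose signature date lags the check date by more than a chosen number of days, which is the Avast question raised in the footnote. The function and class names are my own.

```python
import re
from dataclasses import dataclass
from datetime import date, datetime
from typing import List, Optional, Tuple

# Constructed sample input: a shortened copy of the flattened VirusTotal text for the
# 12/25 postcard.exe record on this page (seven of the 29 engines, plus the trailer).
SAMPLE_REPORT = (
    "AntiVir 7.3.0.21 12.24.2006 TR/Dldr.Stration.Gen "
    "Authentium 4.93.8 12.22.2006 W32/Warezov.gen3!W32DL "
    "Avast 4.7.892.0 12.21.2006 no virus found "
    "Kaspersky 4.0.2.24 12.25.2006 no virus found "
    "Panda 9.0.0.4 12.24.2006 Suspicious file "
    "VBA32 3.11.1 12.25.2006 suspected of Win32.Trojan.Downloader (http://...) "
    "VirusBuster 4.3.19:9 12.23.2006 no virus found "
    "Aditional Information File size: 1401 bytes "
    "MD5: 8e87e3a0a92210a5aecbc8aec70a79f3 "
    "SHA1: a08fd3506dae5ae8df4b903ef5ab3595814283bd"
)

DATE = r"\d{2}\.\d{2}\.\d{4}"  # VirusTotal printed signature dates as MM.DD.YYYY
# One engine entry is "name version date verdict"; the verdict may contain spaces, so it
# runs until the next "name version date" triple starts (or the text ends).
ENTRY_RE = re.compile(
    rf"(?P<engine>\S+)\s+(?P<version>\S+)\s+(?P<date>{DATE})\s+"
    rf"(?P<result>.+?)(?=\s+\S+\s+\S+\s+{DATE}\s|$)"
)
# Verdict wordings on this page that name no family and only express suspicion.
HEURISTIC_PREFIXES = ("suspicious", "suspected of", "probably a variant of")


@dataclass(frozen=True)
class EngineResult:
    engine: str
    version: str
    sig_date: date
    result: str

    @property
    def verdict(self) -> str:
        text = self.result.lower()
        if text == "no virus found":
            return "missed"
        if text.startswith(HEURISTIC_PREFIXES):
            return "heuristic"
        return "detected"


@dataclass
class Report:
    entries: List[EngineResult]
    file_size: Optional[int]
    md5: Optional[str]
    sha1: Optional[str]


def parse_report(text: str) -> Report:
    """Split the flattened dump into per-engine rows plus the file metadata trailer."""
    body, _, trailer = text.partition("Aditional Information")  # VirusTotal's own spelling
    entries = [
        EngineResult(m["engine"], m["version"],
                     datetime.strptime(m["date"], "%m.%d.%Y").date(),
                     m["result"].strip())
        for m in ENTRY_RE.finditer(body.strip())
    ]
    size = re.search(r"File size:\s*(\d+)\s*bytes", trailer)
    md5 = re.search(r"MD5:\s*([0-9a-fA-F]{32})", trailer)
    sha1 = re.search(r"SHA1:\s*([0-9a-fA-F]{40})", trailer)
    return Report(entries, int(size[1]) if size else None,
                  md5[1] if md5 else None, sha1[1] if sha1 else None)


def missed_engines(report: Report) -> List[str]:
    return [e.engine for e in report.entries if e.verdict == "missed"]


def detection_ratio(report: Report) -> Tuple[int, int]:
    """(engines that said anything other than 'no virus found', engines in total)."""
    hits = sum(1 for e in report.entries if e.verdict != "missed")
    return hits, len(report.entries)


def stale_engines(report: Report, checked_on: date, max_age_days: int) -> List[str]:
    """Engines whose signature date lags the check date by more than max_age_days."""
    return [e.engine for e in report.entries
            if (checked_on - e.sig_date).days > max_age_days]


if __name__ == "__main__":
    r = parse_report(SAMPLE_REPORT)
    hits, total = detection_ratio(r)
    print(f"{hits}/{total} engines flagged MD5 {r.md5} ({r.file_size} bytes)")
    print("missed:", ", ".join(missed_engines(r)))
    print("stale (>3 days old on 12/25):", ", ".join(stale_engines(r, date(2006, 12, 25), 3)))
```

The verdict split is deliberate: a "Suspicious file" or "suspected of ..." line is not a miss, but it is also not the named detection a signature update would give, so keeping it as its own class makes the "who had a real signature yet?" question answerable per record. The staleness check only needs the check date from the record's first bullet, so the same function covers the 12/29 record where Avast still reported 12/21.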
- Checked: 1/3 12:00
- File name: svch.exe
- TSPY_MARAN.D - Overview - already covered
- Norton had not covered it yet

Not from e-mail: this is the thing from that fake nifty site. Only the engines that detected it are listed.

| Engine | Version | Signature date | Result |
| --- | --- | --- | --- |
| AntiVir | 7.3.0.21 | 01.02.2007 | TR/PSW.Maran.BY |
| Avast | 4.7.892.0 | 12.30.2006 | Win32:Maran |
| AVG | 386 | 01.02.2007 | PSW.Generic2.XAQ |
| BitDefender | 7.2 | 01.03.2007 | Trojan.Spy.Maran.BY |
| DrWeb | 4.33 | 01.03.2007 | Trojan.PWS.Maran |
| Ewido | 4.0 | 01.02.2007 | Trojan.Maran.by |
| Ikarus | T3.1.0.27 | 01.02.2007 | Trojan-PSW.Win32.Lmir.AOE |
| Kaspersky | 4.0.2.24 | 01.03.2007 | Trojan-PSW.Win32.Maran.by |
| McAfee | 4930 | 01.02.2007 | Generic PWS.b |
| NOD32v2 | 1953 | 01.02.2007 | probably a variant of Win32/PSW.Maran |
| Sophos | 4.13.0 | 01.02.2007 | Troj/Maran-Gen |
| VBA32 | 3.11.1 | 01.01.2007 | Trojan-PSW.Win32.Maran.by |
Checked the HTML file (VBScript) as well; again only the engines that detected it:

| Engine | Version | Signature date | Result |
| --- | --- | --- | --- |
| AntiVir | 7.3.0.21 | 01.02.2007 | VBS/Dldr.Small.AY |
| BitDefender | 7.2 | 01.03.2007 | Exploit.ADODB.Stream.AZ |
| Ewido | 4.0 | 01.02.2007 | Downloader.Agent.m |
| McAfee | 4930 | 01.02.2007 | VBS/Psyme |
| UNA | 1.83 | 12.29.2006 | Exploit.JS.ADODB.Stream |
| VBA32 | 3.11.1 | 01.01.2007 | Exploit.JS.ADODB.Stream.e#102 |

The clsid was "BD96C556-65A3-11D0-983A-00C04FC29E36", so is this MS06-014?
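To make that CLSID observation repeatable without opening a suspect page in a browser, here is an added example of my own (not code from the original post): a Python scanner that walks an HTML document with the standard library's HTMLParser, collects every `<object classid="clsid:...">` value and the language of every script block, and matches what it finds against a small watchlist holding the CLSID quoted above and the "ADODB.Stream" string that appears in the vendor detection names. The sample HTML is constructed and inert; its second CLSID is an all-zero placeholder, not a real identifier, and the watchlist entries are taken only from this post.

```python
import re
from html.parser import HTMLParser
from typing import Dict, List

# Constructed, inert sample HTML (not the file from the post): one <object> tag carrying the
# CLSID quoted in the post, one with an all-zero placeholder CLSID, and a VBScript block
# whose only content is a string literal, so the string indicator has something to match.
SAMPLE_HTML = """<html><body>
<object id="t" classid="clsid:BD96C556-65A3-11D0-983A-00C04FC29E36" width="0" height="0"></object>
<object classid="clsid:{00000000-0000-0000-0000-000000000000}"></object>
<script language="VBScript">
' constructed script body, nothing is executed here
Dim name
name = "ADODB.Stream"
</script>
</body></html>"""

# Watchlist built from what the post reports: the CLSID it found (which the author asks
# whether to attribute to MS06-014) and the object name seen in the AV detection names.
CLSID_WATCHLIST: Dict[str, str] = {
    "BD96C556-65A3-11D0-983A-00C04FC29E36": "CLSID quoted in the post (MS06-014?)",
}
STRING_INDICATORS = ("ADODB.Stream",)

# Accepts "clsid:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" with or without surrounding braces.
CLSID_RE = re.compile(
    r"^clsid:\{?([0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12})\}?$", re.I
)


class ActiveXScanner(HTMLParser):
    """Collects object CLSIDs, script languages and raw script text from an HTML document."""

    def __init__(self) -> None:
        super().__init__()
        self.clsids: List[str] = []
        self.script_languages: List[str] = []
        self.script_text: List[str] = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        attrs = {k.lower(): (v or "") for k, v in attrs}
        if tag == "object":
            m = CLSID_RE.match(attrs.get("classid", "").strip())
            if m:
                self.clsids.append(m.group(1).upper())
        elif tag == "script":
            self._in_script = True
            lang = attrs.get("language") or attrs.get("type") or "unspecified"
            self.script_languages.append(lang.lower())

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # HTMLParser hands <script> bodies to handle_data unparsed, which is what we want.
        if self._in_script:
            self.script_text.append(data)


def scan_html(html: str) -> dict:
    """Return the CLSIDs, watchlist hits, script languages and string indicators found."""
    scanner = ActiveXScanner()
    scanner.feed(html)
    scanner.close()
    body = "\n".join(scanner.script_text).lower()
    return {
        "clsids": scanner.clsids,
        "watchlist_hits": [c for c in scanner.clsids if c in CLSID_WATCHLIST],
        "script_languages": scanner.script_languages,
        "string_indicators": [i for i in STRING_INDICATORS if i.lower() in body],
    }


if __name__ == "__main__":
    report = scan_html(SAMPLE_HTML)
    for clsid in report["watchlist_hits"]:
        print(f"watchlist hit: {clsid} ({CLSID_WATCHLIST[clsid]})")
    print("script languages:", report["script_languages"])
    print("string indicators:", report["string_indicators"])
```

Matching on the CLSID attribute rather than on script text is the robust half of this check: the script side of such pages is routinely obfuscated, but the `classid` the browser has to see is not, so a hit on the CLSID plus a VBScript block is a useful triage signal on its own even when the string indicator does not fire.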
*1: Surely it can't have gone a whole week without an update, can it?