[nsp-sec] Ddos controller - caatadgouk.com

Stephen Gill gillsr at cymru.com
Fri Jun 27 13:40:50 EDT 2008


Yeah, most of the ones I spot checked had similar non-descript names.  If I
had a nickel for every downloader ... :/.  Tom Fischer is the best I've seen
at finding the names for these - got any suggestions? :)

Cheers,
-- steve

On 6/27/08 10:36 AM, "Jose Nazario" <jose at arbor.net> wrote:

> On Fri, 27 Jun 2008, Stephen Gill wrote:
> 
>> Is there a well known name for this malware family?
> 
> pretty non-descript via VT (at least of one sample):
> 
> Complete scanning result of "276847", processed in VirusTotal at
> 06/27/2008 19:31:23 (CET).
> 
> [ file data ]
> * name..: 276847
> * size..: 4096
> * md5...: 0d770b9be2e5946b5889718249b4d5c6
> * sha1..: c5c97cf0ba3dc9c3afb7a6ab7d0edba20184fb7a
> * peid..: -
> 
> [ scan result ]
> AhnLab-V3 2008.6.27.1/20080627 found [Win-Trojan/Downloader.4096.MC]
> AntiVir 7.8.0.59/20080627 found [TR/Crypt.XPACK.Gen]
> Authentium 5.1.0.4/20080627 found [W32/Downldr2.CBJR]
> Avast 4.8.1195.0/20080627 found [Win32:Trojan-gen {Other}]
> AVG 7.5.0.516/20080627 found [Downloader.Small.CRD]
> BitDefender 7.2/20080627 found nothing
> CAT-QuickHeal 9.50/20080626 found [TrojanDownloader.Small.vzm]
> ClamAV 0.93.1/20080627 found [Trojan.Downloader-43209]
> DrWeb 4.44.0.09170/20080627 found nothing
> eSafe 7.0.17.0/20080626 found nothing
> eTrust-Vet 31.6.5911/20080627 found [Win32/VMalum.DGGI]
> Ewido 4.0/20080627 found nothing
> F-Prot 4.4.4.56/20080627 found [W32/Downldr2.CBJR]
> F-Secure 7.60.13501.0/20080626 found [Trojan-Downloader.Win32.Small.vzm]
> Fortinet 3.14.0.0/20080627 found [W32/Small.VZM!tr.dldr]
> GData 2.0.7306.1023/20080627 found [Trojan-Downloader.Win32.Small.vzm]
> Ikarus T3.1.1.26.0/20080627 found [Trojan.Crypt.XPACK]
> Kaspersky 7.0.0.125/20080627 found [Trojan-Downloader.Win32.Small.vzm]
> McAfee 5327/20080627 found nothing
> Microsoft 1.3704/20080627 found [TrojanDownloader:Win32/Harnig]
> NOD32v2 3224/20080627 found [Win32/TrojanDownloader.Small.OBQ]
> Norman 5.80.02/20080626 found [W32/DLoader.HIMT]
> Panda 9.0.0.4/20080626 found [Trj/Downloader.MDW]
> Prevx1 V2/20080627 found [Malware Downloader]
> Rising 20.50.42.00/20080627 found [Trojan.DL.Win32.Undef.om]
> Sophos 4.30.0/20080627 found [Mal/EncPk-DB]
> Sunbelt 3.0.1176.1/20080626 found [Trojan-Downloader.Win32.Small.vzm]
> Symantec 10/20080627 found nothing
> TheHacker 6.2.96.362/20080627 found [Trojan/Downloader.Small.vzm]
> TrendMicro 8.700.0.1004/20080627 found [PAK_Generic.001]
> VBA32 3.12.6.8/20080627 found [Trojan-Downloader.Win32.Small.vzm]
> VirusBuster 4.5.11.0/20080623 found nothing
> Webwasher-Gateway 6.6.2/20080627 found [Trojan.Crypt.XPACK.Gen]
> 
> 
> 
> looking at other samples implicated here it looks like it may also have
> some proxying going on.
> 
> 
> -------------------------------------------------------------
> jose nazario, ph.d.     <jose at arbor.net>
> security researcher, office of the CTO,  arbor networks
> v: (734) 821 1427        http://asert.arbornetworks.com/

-- 
Stephen Gill, Chief Scientist, Team Cymru
http://www.cymru.com | +1 312 924 4023 | gillsr at cymru.com
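The question in the thread (is there a well-known family name for this sample?) is usually answered by tallying the variant tokens that vendors agree on, after discarding generic words like "Trojan", "Downloader" or "Win32". The following is an added example, not code from either poster or from VirusTotal: it parses the "engine version/date found [label]" line shape of the report quoted above (SAMPLE_REPORT is a hand-unwrapped subset of those lines) and reports the detection ratio and the most common non-generic tokens. The GENERIC stop-list is my own assumption about which tokens carry no family information.

```python
import re
from collections import Counter

# Constructed sample: a subset of the VirusTotal lines quoted in the thread,
# with the mailer's line wrapping undone so each result sits on one line.
SAMPLE_REPORT = """\
AhnLab-V3 2008.6.27.1/20080627 found [Win-Trojan/Downloader.4096.MC]
AntiVir 7.8.0.59/20080627 found [TR/Crypt.XPACK.Gen]
BitDefender 7.2/20080627 found nothing
Kaspersky 7.0.0.125/20080627 found [Trojan-Downloader.Win32.Small.vzm]
McAfee 5327/20080627 found nothing
Microsoft 1.3704/20080627 found [TrojanDownloader:Win32/Harnig]
Sophos 4.30.0/20080627 found [Mal/EncPk-DB]
Sunbelt 3.0.1176.1/20080626 found [Trojan-Downloader.Win32.Small.vzm]
VBA32 3.12.6.8/20080627 found [Trojan-Downloader.Win32.Small.vzm]
"""

# One result line: "<engine> <version>/<YYYYMMDD> found [<label>]" or "... found nothing"
LINE_RE = re.compile(
    r"^(?P<engine>\S+)\s+(?P<version>\S+)/(?P<date>\d{8})\s+found\s+"
    r"(?:\[(?P<label>[^\]]+)\]|nothing)\s*$"
)

# Assumed stop-list: tokens that describe behaviour, platform or packing,
# not a family, and so should not count toward a family name.
GENERIC = {
    "trojan", "trojandownloader", "downloader", "dloader", "dl", "win32", "w32",
    "win", "small", "gen", "generic", "crypt", "xpack", "encpk", "pak",
    "malware", "mal", "trj", "tr", "undef", "other",
}


def parse_report(text):
    """Return one dict per recognised line; label is None for 'found nothing'."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip headers, blanks and anything not in the result shape
        rows.append({
            "engine": m.group("engine"),
            "version": m.group("version"),
            "date": m.group("date"),
            "label": m.group("label"),
        })
    return rows


def detection_ratio(rows):
    """(engines that flagged the sample, engines scanned)."""
    hits = sum(1 for r in rows if r["label"] is not None)
    return hits, len(rows)


def family_candidates(rows):
    """Non-generic label tokens ranked by how many vendors used them."""
    counter = Counter()
    for r in rows:
        if r["label"] is None:
            continue
        for tok in re.split(r"[^A-Za-z0-9]+", r["label"]):
            t = tok.lower()
            if len(t) > 1 and not t.isdigit() and t not in GENERIC:
                counter[t] += 1
    return counter.most_common()


if __name__ == "__main__":
    rows = parse_report(SAMPLE_REPORT)
    hits, total = detection_ratio(rows)
    print(f"{hits}/{total} engines detect the sample")
    for token, n in family_candidates(rows):
        print(f"{n:2d}  {token}")
```

On the sample above the token "vzm" wins with three vendors (Kaspersky, Sunbelt, VBA32), which matches the thread's reading that the name is nondescript: the only consensus is a variant suffix of a generic Small downloader, not a recognised family. The ratio and the ranked tokens are the two things worth recording when triaging a sample whose vendor names disagree.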