[Dshield] suspiroamor.land.ru trojan

Stasiniewicz, Adam stasinia at msoe.edu
Sun Nov 25 22:54:35 GMT 2007


Whenever I come across a suspicious file I upload it to www.virustotal.com.
In addition to running the file against basically every major AV, they will
also submit the file to every AV vendor that did not get a hit on the file.
Here are the results (as of a few minutes ago):



Antivirus          Version       Last Update  Result
AhnLab-V3          2007.11.24.0  2007.11.23   -
AntiVir            7.6.0.34      2007.11.25   TR/PSW.Delf.KI.152
Authentium         4.93.8        2007.11.24   Possibly a new variant of W32/NewMalware-LSU-based!Maximus
Avast              4.7.1074.0    2007.11.25   -
AVG                7.5.0.503     2007.11.25   PSW.Generic5.YJD
BitDefender        7.2           2007.11.25   Trojan.Spy.Delf.SI
CAT-QuickHeal      9.00          2007.11.24   -
ClamAV             0.91.2        2007.11.25   -
DrWeb              4.44.0.09170  2007.11.25   -
eSafe              7.0.15.0      2007.11.21   -
eTrust-Vet         31.3.5324     2007.11.24   -
Ewido              4.0           2007.11.25   -
FileAdvisor        1             2007.11.25   -
Fortinet           3.14.0.0      2007.11.25   Spy/Banker
F-Prot             4.4.2.54      2007.11.25   W32/NewMalware-LSU-based!Maximus
F-Secure           6.70.13030.0  2007.11.25   Trojan-PSW.Win32.Delf.ki
Ikarus             T3.1.1.12     2007.11.25   Trojan-Spy.Banker.5858
Kaspersky          7.0.0.125     2007.11.25   Trojan-PSW.Win32.Delf.ki
McAfee             5170          2007.11.23   PWS-Banker.gen.i
Microsoft          1.3007        2007.11.25   PWS:Win32/Delf.KI
NOD32v2            2684          2007.11.25   a variant of Win32/TrojanDownloader.Dadobra.IA
Norman             5.80.02       2007.11.23   W32/Downloader
Panda              9.0.0.4       2007.11.25   Suspicious file
Prevx1             V2            2007.11.25   SPYWARE.DELF.SI
Rising             20.19.61.00   2007.11.25   Trojan.Spy.Win32.Delf.vu
Sophos             4.23.0        2007.11.25   Mal/DelpDldr-C
Sunbelt            2.2.907.0     2007.11.24   -
Symantec           10            2007.11.25   Downloader.Bancos
TheHacker          6.2.9.141     2007.11.24   -
VBA32              3.12.2.5      2007.11.23   Trojan.PWS.Banker.10307
VirusBuster        4.3.26:9      2007.11.25   -
Webwasher-Gateway  6.0.1         2007.11.25   Trojan.PSW.Delf.KI.152


Regards,
Adam Stasiniewicz

-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Tony Earnshaw
Sent: Sunday, November 25, 2007 3:59 PM
To: General DShield Discussion List
Subject: Re: [Dshield] suspiroamor.land.ru trojan

Bijendra Singh wrote, on 25-11-2007 22:38:

> Yahoo email scanner says that zip file contains Downloader.Brancos virus.
> Virus "Downloader.Bancos" found

And Bit Defender (BDC) under amavisd-new on Postfix 2.4.6, which unpacks
it, finds two trojans: Trojan.Spy.Delf.SI and Trojan.Downloader.Delf.OBN.

Clamscan/clamd under amavisd-new didn't find anything; I submitted it to
the ClamAV site.

--Tonni

-- 
Tony Earnshaw
Email: tonni at hetnet dot nl