[Dshield] New IM Virus?

Scott Brenner lists at sabsec.com
Mon Oct 17 15:40:18 GMT 2005


Daniel Richards wrote:


> Scott wrote:
>> Has anyone seen an AIM IM containing the URL
>> hxxp://FullPictures.my-net-space.net/show.php?sec=jxxx&num=xxx
>> in it? VirusTotal doesn't know what it is, but in the strings, I see the
>> below, which leads me to believe it's nasty...
> [snip]
> MD5: aa9472daaf11f02e9bab6fe8e4e9e18d
> 
> According to the online malware scan..
> Dr.Web :Found DLOADER.IRC.Trojan (probable variant)
> Kaspersky Anti-Virus: Found Backdoor.Win32.IRCBot.hz
> NOD32: Found probably unknown NewHeur_PE (probable variant)
> 
> 
> 
By the time my email got through moderation, I had sent it to Kaspersky 
and they came back with the new Backdoor.Win32.IRCBot.hz definition. 
Just a new variant, nothing to write home about. The only hit when I 
first submitted it to VirusTotal was the NOD32.

-sb

