[Dshield] New IM Virus?
lists at sabsec.com
Mon Oct 17 15:40:18 GMT 2005
Daniel Richards wrote:
> Scott wrote:
>> Has anyone seen an AIM IM containing the URL
>> in it? VirusTotal doesn't know what it is, but in the strings, I see the
>> below, which leads me to believe it's nasty...
> MD5: aa9472daaf11f02e9bab6fe8e4e9e18d
> According to the online malware scan..
> Dr.Web :Found DLOADER.IRC.Trojan (probable variant)
> Kaspersky Anti-Virus: Found Backdoor.Win32.IRCBot.hz
> NOD32: Found probably unknown NewHeur_PE (probable variant)
> Using .Net? Need to know more about .Net Security?
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
By the time my email got through moderation, I had sent it to Kaspersky
and they came back with the new Backdoor.Win32.IRCBot.hz definition.
Just a new variant, nothing to write home about. The only hit when I
first submitted it to Virustotal was the NOD32.
More information about the list