[Dshield] New Variant of Backdoor.Haxdoor

Chris Wright dshield at yaps4u.net
Tue Aug 15 22:12:26 GMT 2006


Martin Forest posted a message on 26th July about a new virus
(Backdoor.Haxdoor.O or a variant thereof).

Just had a new variant drop in one of my spamtraps that wasn't picked up by
AVG.
Email me off list if you want the zip/binary.
Ran through VirusTotal and it appears to be quite new:

AntiVir 6.35.1.0 08.15.2006  no virus found 
****Authentium 4.93.8 08.15.2006 W32/Haxdoor.LB@bd 
Avast 4.7.844.0 08.15.2006  no virus found 
AVG 386 08.15.2006  no virus found 
BitDefender 7.2 08.15.2006  no virus found 
****CAT-QuickHeal 8.00 08.14.2006 (Suspicious) - DNAScan 
ClamAV devel-20060426 08.15.2006  no virus found 
DrWeb 4.33 08.15.2006  no virus found 
eTrust-InoculateIT 23.72.98 08.15.2006  no virus found 
eTrust-Vet 30.3.3021 08.15.2006  no virus found 
Ewido 4.0 08.15.2006  no virus found 
****Fortinet 2.77.0.0 08.15.2006 suspicious 
****F-Prot 3.16f 08.15.2006 security risk named W32/Haxdoor.LB@bd 
F-Prot4 4.2.1.29 08.15.2006  no virus found 
Ikarus 0.2.65.0 08.15.2006  no virus found 
Kaspersky 4.0.2.24 08.15.2006  no virus found 
McAfee 4830 08.15.2006  no virus found 
Microsoft 1.1560 08.14.2006  no virus found 
****NOD32v2 1.1707 08.15.2006 a variant of Win32/Haxdoor 
****Norman 5.90.23 08.15.2006 Suspicious_F.gen 
Panda 9.0.0.4 08.15.2006 Suspicious file 
Sophos 4.08.0 08.15.2006  no virus found 
****Symantec 8.0 08.15.2006 Backdoor.Trojan 
TheHacker 5.9.8.192 08.14.2006  no virus found 
UNA 1.83 08.15.2006  no virus found 
****VBA32 3.11.0 08.15.2006 suspected of Trojan-Dropper.Microjoin.2 
VirusBuster 4.3.7:9 08.15.2006 no virus found 

The email has a similar format to the previous one:

Has a zip file with an executable within, named in my case Z3566043.zip

<begin mail>
Dear Customer,

Thank you for shopping at our shop !
This e-mail is to inform you that your order has been shipped out.
The following information is for your reference (see details in the
attachment):
* Order No.:  Z3566043
* Order Date:  08/13/2006
------------------------------
   SUBTOTAL : $1,769.99
   SALESTAX : $0.00
   SHIPPING : $16.81
   TOTAL    : $1,786.80
------------------------------
* Ship Via:  FDX Overnight Delivery
 
[Ship Date :] 08/14/2006 [Tracking No:] 708745655472 Please note that if
your order includes more than one package, the packages may not be delivered
at the same time due to the shipping carrier's schedule and the delivery
method, and this is out of our control. 
In addition, backordered items will be shipped separately.
You may check the status of your package's progress at our website. 
Simply click on "Customer Service", then log into the "Member Center".
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Customers who leave comments for us at either ResellerRatings.com or
Pricegrabber will be eligible to receive a flash drive or other cool prize!
FOUR drawings will take place every month -- one drawing from each review
site on the 1st and the 15th of every calendar month. 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Thank you for shopping with us!
15% restocking fee applies to all refunds. All products must be returned in
like-new condition, including original packaging and all documentation and
accessories. Charges will be applied for all missing accessories or parts. 
Our shop will not accept items that have been physically damaged or misused.
Return periods for different product categories range from zero to 30 days.
<end mail>
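
A mail-gateway check for the lure format described in the post above (a zip attachment holding an executable, with the zip named after the order number in the body). This is an added example, not part of the original post; the extension list, function names and the constructed sample message (member name `sample.exe`, harmless text payload) are assumptions.

```python
import io
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Extensions Windows runs directly (assumed list; adjust to local policy).
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
ORDER_RE = re.compile(r"Order No\.:\s*(\w+)")

def check_message(raw: bytes) -> list[str]:
    """Return the reasons a message matches the lure format, empty if none."""
    msg = message_from_bytes(raw)
    body, reasons = "", []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            body += part.get_payload(decode=True).decode("latin-1")
    orders = set(ORDER_RE.findall(body))
    for part in msg.walk():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        data = part.get_payload(decode=True)
        try:
            members = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            reasons.append(f"{name}: unreadable zip")
            continue
        for m in members:
            if m.lower().endswith(EXEC_EXT):
                reasons.append(f"{name}: contains executable {m}")
        if name[:-4] in orders:
            reasons.append(f"{name}: named after order number in body")
    return reasons

def build_sample(member: str) -> bytes:
    """Constructed test message; the zip member is harmless placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(member, "harmless placeholder")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("* Order No.:  Z3566043\n* Order Date:  08/13/2006\n")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Z3566043.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for reason in check_message(build_sample("sample.exe")):
        print(reason)
```

`namelist()` reads the zip's central directory, so member names are still visible when the archive contents are password-protected.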


