[Dshield] New Variant of Backdoor.Haxdoor

Joel Esler eslerj at gmail.com
Wed Aug 16 12:02:36 GMT 2006


Not true.

http://securityresponse.symantec.com/avcenter/submit.html

J

On 8/15/06, Stasiniewicz, Adam <stasinia at msoe.edu> wrote:
> Symantec does not have a web based submission app.  You need to use the
> "Quarantine and Restore" utility that is installed with all Symantec AV
> products.  It has the ability to quarantine undetected viruses and
> submit them to Symantec.
>
> Regards,
> Adam Stasiniewicz
>
>
> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Jenkins, Matt
> Sent: Tuesday, August 15, 2006 9:38 PM
> To: General DShield Discussion List; General DShield Discussion List
> Subject: Re: [Dshield] New Variant of Backdoor.Haxdoor
>
> I just received this variant also.  I updated Symantec's definitions and
> it still does not detect it.  Who should these samples be sent to?  I
> looked all over Symantec's site and cannot find any address to use for
> sending new samples to.
>
> Matt
>
> ________________________________
>
> From: list-bounces at lists.dshield.org on behalf of Chris Wright
> Sent: Tue 8/15/2006 6:12 PM
> To: 'General DShield Discussion List'
> Subject: [Dshield] New Variant of Backdoor.Haxdoor
>
>
>
> Martin Forest posted a message on 26th July about a new virus.
> (Backdoor.Haxdoor.O or variant thereof)
>
> Just had a new variant drop in one of my spamtraps that wasn't picked up
> by AVG.
> Email me off list if you want the zip/binary.
> Ran through VirusTotal and it appears to be quite new:
>
> AntiVir 6.35.1.0 08.15.2006  no virus found
> ****Authentium 4.93.8 08.15.2006 W32/Haxdoor.LB at bd
> Avast 4.7.844.0 08.15.2006  no virus found
> AVG 386 08.15.2006  no virus found
> BitDefender 7.2 08.15.2006  no virus found
> ****CAT-QuickHeal 8.00 08.14.2006 (Suspicious) - DNAScan
> ClamAV devel-20060426 08.15.2006  no virus found
> DrWeb 4.33 08.15.2006  no virus found
> eTrust-InoculateIT 23.72.98 08.15.2006  no virus found
> eTrust-Vet 30.3.3021 08.15.2006  no virus found
> Ewido 4.0 08.15.2006  no virus found
> ****Fortinet 2.77.0.0 08.15.2006 suspicious
> ****F-Prot 3.16f 08.15.2006 security risk named W32/Haxdoor.LB at bd
> F-Prot4 4.2.1.29 08.15.2006  no virus found
> Ikarus 0.2.65.0 08.15.2006  no virus found
> Kaspersky 4.0.2.24 08.15.2006  no virus found
> McAfee 4830 08.15.2006  no virus found
> Microsoft 1.1560 08.14.2006  no virus found
> ****NOD32v2 1.1707 08.15.2006 a variant of Win32/Haxdoor
> ****Norman 5.90.23 08.15.2006 Suspicious_F.gen
> Panda 9.0.0.4 08.15.2006 Suspicious file
> Sophos 4.08.0 08.15.2006  no virus found
> ****Symantec 8.0 08.15.2006 Backdoor.Trojan
> TheHacker 5.9.8.192 08.14.2006  no virus found
> UNA 1.83 08.15.2006  no virus found
> ****VBA32 3.11.0 08.15.2006 suspected of Trojan-Dropper.Microjoin.2
> VirusBuster 4.3.7:9 08.15.2006 no virus found
>
> The email has a similar format to the previous one:
>
> Has a zip file with an executable within, named in my case Z3566043.zip
>
> <begin mail>
> Dear Customer,
>
> Thank you for shopping at our shop !
> This e-mail is to inform you that your order has been shipped out.
> The following information is for your reference (see details in the
> attachment):
> * Order No.:  Z3566043
> * Order Date:  08/13/2006
> ------------------------------
>    SUBTOTAL : $1,769.99
>    SALESTAX : $0.00
>    SHIPPING : $16.81
>    TOTAL    : $1,786.80
> ------------------------------
> * Ship Via:  FDX Overnight Delivery
>
> [Ship Date :] 08/14/2006 [Tracking No:] 708745655472 Please note that if
> your order includes more than one package, the packages may not be
> delivered at the same time due to the shipping carrier's schedule and the
> delivery method, and this is out of our control.
> In addition, backordered items will be shipped separately.
> You may check the status of your package's progress at our website.
> Simply click on "Customer Service", then log into the "Member Center".
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Customers who leave comments for us at either ResellerRatings.com or
> Pricegrabber will be eligible to receive a flash drive or other cool prize!
> FOUR drawings will take place every month -- one drawing from each review
> site on the 1st and the 15th of every calendar month.
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Thank you for shopping with us!
> 15% restocking fee applies to all refunds. All products must be returned in
> like-new condition, including original packaging and all documentation and
> accessories. Charges will be applied for all missing accessories or parts.
> Our shop will not accept items that have been physically damaged or misused.
> Return periods for different product categories range from zero to 30 days.
> <end mail>
>
> _________________________________________
>
> SANS Network Security 2006 - Las Vegas NV October 1st-9th.
> Wide selection of 1-6 Day Courses. Top Instructors!
>
> Details: isc.sans.org/clickcount.php?ad=1
> (use Brochurcode "ISC")
>
> "Best IT Security return on Investment" (Mario Chiock, Schlumberger)
> _______________________________________________


-- 
--Joel

