[Dshield] New Variant of Backdoor.Haxdoor

Joel Esler eslerj at gmail.com
Wed Aug 16 16:46:05 GMT 2006


Sorry..
https://submit.symantec.com/retail/

J

On 8/16/06, Joel Esler <eslerj at gmail.com> wrote:
> Not true.
>
> http://securityresponse.symantec.com/avcenter/submit.html
>
> J
>
> On 8/15/06, Stasiniewicz, Adam <stasinia at msoe.edu> wrote:
> > Symantec does not have a web based submission app.  You need to use the
> > "Quarantine and Restore" utility that is installed with all Symantec AV
> > products.  It has the ability to quarantine undetected viruses and
> > submit them to Symantec.
> >
> > Regards,
> > Adam Stasiniewicz
> >
> >
> > -----Original Message-----
> > From: list-bounces at lists.dshield.org
> > [mailto:list-bounces at lists.dshield.org] On Behalf Of Jenkins, Matt
> > Sent: Tuesday, August 15, 2006 9:38 PM
> > To: General DShield Discussion List; General DShield Discussion List
> > Subject: Re: [Dshield] New Variant of Backdoor.Haxdoor
> >
> > I just received this variant also.  I updated Symantec's definitions and
> > it still does not detect it.  Who should these samples be sent to?  I
> > looked all over Symantec's site and cannot find any address to use for
> > sending new samples to.
> >
> > Matt
> >
> > ________________________________
> >
> > From: list-bounces at lists.dshield.org on behalf of Chris Wright
> > Sent: Tue 8/15/2006 6:12 PM
> > To: 'General DShield Discussion List'
> > Subject: [Dshield] New Variant of Backdoor.Haxdoor
> >
> >
> >
> > Martin Forest posted a message on 26th July about a new virus.
> > (Backdoor.Haxdoor.O or variant thereof)
> >
> > Just had a new variant drop in one of my spamtraps that wasn't picked up
> > by AVG.
> > Email me off list if you want the zip/binary.
> > Ran through VirusTotal and it appears to be quite new:
> >
> > AntiVir 6.35.1.0 08.15.2006  no virus found
> > ****Authentium 4.93.8 08.15.2006 W32/Haxdoor.LB@bd
> > Avast 4.7.844.0 08.15.2006  no virus found
> > AVG 386 08.15.2006  no virus found
> > BitDefender 7.2 08.15.2006  no virus found
> > ****CAT-QuickHeal 8.00 08.14.2006 (Suspicious) - DNAScan
> > ClamAV devel-20060426 08.15.2006  no virus found
> > DrWeb 4.33 08.15.2006  no virus found
> > eTrust-InoculateIT 23.72.98 08.15.2006  no virus found
> > eTrust-Vet 30.3.3021 08.15.2006  no virus found
> > Ewido 4.0 08.15.2006  no virus found
> > ****Fortinet 2.77.0.0 08.15.2006 suspicious
> > ****F-Prot 3.16f 08.15.2006 security risk named W32/Haxdoor.LB@bd
> > F-Prot4 4.2.1.29 08.15.2006  no virus found
> > Ikarus 0.2.65.0 08.15.2006  no virus found
> > Kaspersky 4.0.2.24 08.15.2006  no virus found
> > McAfee 4830 08.15.2006  no virus found
> > Microsoft 1.1560 08.14.2006  no virus found
> > ****NOD32v2 1.1707 08.15.2006 a variant of Win32/Haxdoor
> > ****Norman 5.90.23 08.15.2006 Suspicious_F.gen
> > Panda 9.0.0.4 08.15.2006 Suspicious file
> > Sophos 4.08.0 08.15.2006  no virus found
> > ****Symantec 8.0 08.15.2006 Backdoor.Trojan
> > TheHacker 5.9.8.192 08.14.2006  no virus found
> > UNA 1.83 08.15.2006  no virus found
> > ****VBA32 3.11.0 08.15.2006 suspected of Trojan-Dropper.Microjoin.2
> > VirusBuster 4.3.7:9 08.15.2006 no virus found
> >
> > The email has a similar format to the previous one:
> >
> > Has a zip file with an executable within, named in my case Z3566043.zip
> >
> > <begin mail>
> > Dear Customer,
> >
> > Thank you for shopping at our shop !
> > This e-mail is to inform you that your order has been shipped out.
> > The following information is for your reference (see details in the
> > attachment):
> > * Order No.:  Z3566043
> > * Order Date:  08/13/2006
> > ------------------------------
> >    SUBTOTAL : $1,769.99
> >    SALESTAX : $0.00
> >    SHIPPING : $16.81
> >    TOTAL    : $1,786.80
> > ------------------------------
> > * Ship Via:  FDX Overnight Delivery
> >
> > [Ship Date :] 08/14/2006 [Tracking No:] 708745655472 Please note that if
> > your order includes more than one package, the packages may not be delivered
> > at the same time due to the shipping carrier's schedule and the delivery
> > method, and this is out of our control.
> > In addition, backordered items will be shipped separately.
> > You may check the status of your package's progress at our website.
> > Simply click on "Customer Service", then log into the "Member Center".
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> > Customers who leave comments for us at either ResellerRatings.com or
> > Pricegrabber will be eligible to receive a flash drive or other cool prize!
> > FOUR drawings will take place every month -- one drawing from each review
> > site on the 1st and the 15th of every calendar month.
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> > Thank you for shopping with us!
> > 15% restocking fee applies to all refunds. All products must be returned in
> > like-new condition, including original packaging and all documentation and
> > accessories. Charges will be applied for all missing accessories or parts.
> > Our shop will not accept items that have been physically damaged or misused.
> > Return periods for different product categories range from zero to 30 days.
> > <end mail>
> >
> > _________________________________________
> >
> > SANS Network Security 2006 - Las Vegas NV October 1st-9th.
> > Wide selection of 1-6 Day Courses. Top Instructors!
> >
> > Details: isc.sans.org/clickcount.php?ad=1
> > (use Brochurcode "ISC")
> >
> > "Best IT Security return on Investment" (Mario Chiock, Schlumberger)
> > _______________________________________________
> >
>
>
> --
> --Joel
>


-- 
--Joel

