[unisog] New Bot variants making rounds

Michael Holstein michael.holstein at csuohio.edu
Mon Apr 4 17:57:52 GMT 2005


> can you submit them to sandbox.norman.no and share the results?

Already did that .. they came back with little detail :

~Mike.

#1 :

Norman Scanner Engine 5.80.  5
Sandbox 05.80, dated 31/02-2005

Your message ID (for later reference): 20050404-309

srv32.exe : Not detected by sandbox (Signature: NO_VIRUS)
  [ General information ]
     * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS at NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
     * File length:        47104 bytes.

  [ Changes to filesystem ]
     * Creates file C:\WINDOWS\SYSTEM\srv32.exe.

  [ Process/window information ]
     * Creates a mutex ping0.


#2 :

Norman Scanner Engine 5.80.  5
Sandbox 05.80, dated 31/02-2005

Your message ID (for later reference): 20050404-310

winsr.exe : Not detected by sandbox (Signature: NO_VIRUS)
  [ General information ]
     * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS at NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
     * Applications uses MSVBVM60.DLL (Visual Basic 6).
     * File length:        24576 bytes.



