Message-ID: <200510041410557.SM01216@JEFFMILLS>
Date: Wed Oct 5 01:06:23 2005
From: phugo at highspeedweb.net (Pedro Hugo)
Subject: Another Brazilian banking trojan variant, detected by some AV vendors, but not all
Hi,
Here goes another banking trojan. Some AV vendors classify it as a variant.
It's packed with UPX 1.93, and it can be unpacked by using the official UPX
1.93.
Results from virustotal.com:
Antivirus       Version          Update       Result
AntiVir         6.32.0.6         10.04.2005   TR/Spy.Banker.add.67
Avast           4.6.695.0        09.30.2005   no virus found
AVG             718              10.04.2005   PSW.Banker.GRG
Avira           6.32.0.6         10.04.2005   TR/Spy.Banker.add.67
BitDefender     7.2              10.04.2005   Trojan.Banker.Delf.A0715A92
CAT-QuickHeal   8.00             10.04.2005   TrojanSpy.Banker.add
ClamAV          devel-20050917   10.04.2005   Trojan.Spy.Banker-97
DrWeb           4.32b            10.02.2005   Trojan.PWS.Banker.based
eTrust-Iris     7.1.194.0        10.04.2005   Win32/Bancos.Variant!PWS!Trojan
eTrust-Vet      11.9.1.0         10.04.2005   no virus found
Fortinet        2.48.0.0         10.04.2005   Spy/Banker
F-Prot          3.16c            10.04.2005   no virus found
Ikarus          0.2.59.0         10.04.2005   no virus found
Kaspersky       4.0.2.24         10.04.2005   Trojan-Spy.Win32.Banker.add
McAfee          4596             10.04.2005   PWS-Banker.gen.b
NOD32v2         1.1241           10.04.2005   a variant of Win32/Spy.Banker.VJ
Norman          5.70.10          10.04.2005   no virus found
Panda           8.02.00          10.04.2005   Trj/Banker.gen
Sophos          3.98.0           10.04.2005   no virus found
Symantec        8.0              10.04.2005   no virus found
TheHacker       5.8.2.117        10.03.2005   no virus found
VBA32           3.10.4           10.04.2005   MalwareScope.Trojan-Spy.Banker.52
TrendMicro OfficeScan doesn't detect it (since the pattern is the same for
all products, we can assume TrendMicro doesn't detect it).
Attached is the original file, if you can't download it from the site.
Sorry for the noise, but I hope all or some AV vendors are listening and can
benefit from this.
Best Regards,
Pedro Hugo
_____
From: cartoes@...tualcards.com.br [mailto:cartoes@...tualcards.com.br]
Subject: You received a virtual card!
<http://www.brandweer-brummen.nl/Upimages/cartao.exe>
VIRTUALCARD <http://www.brandweer-brummen.nl/Upimages/cartao.exe> S
<http://www.brandweer-brummen.nl/Upimages/cartao.exe> FOR YOU!!!
How are you?! You have just received a VIRTUALCARDS,
the liveliest cards on the Web, sent by someone who loves you very much.
To view it, just click the link below and you're done!
<http://www.brandweer-brummen.nl/Upimages/cartao.exe>
Click <http://www.brandweer-brummen.nl/Upimages/cartao.exe> here to
view your card
<http://www.brandweer-brummen.nl/Upimages/cartao.exe>
<http://www.brandweer-brummen.nl/Upimages/cartao.exe>
--------------------------------------------------------------------------------
<javascript:ol('http://www.virtualcards.com.br/');>
A big hug from the VIRTUALCARDS Team.
--------------------------------------------------------------------------------
<http://www.brandweer-brummen.nl/Upimages/cartao.exe>
Information <http://www.brandweer-brummen.nl/Upimages/cartao.exe> about
this e-mail
This e-mail was generated automatically. Do not reply.
| <http://www.brandweer-brummen.nl/Upimages/cartao.exe> Terms of Service and
Privacy Policy |
Copyright © 2001 - 2005 VITALEWEB - BRASIL
All Rights Reserved
<http://www.brandweer-brummen.nl/Upimages/cartao.exe>
<file:///D|/Secrets%20Of%20Black%20Arts/Nova%20pasta/virtualcards_arquivos/dummy.htm>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051004/0ad0dfa1/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cartao.e__
Type: application/octet-stream
Size: 751104 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051004/0ad0dfa1/cartao-0001.obj
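
The forwarded lure above has a shape a mail filter can key on: nearly every link in the message resolves to one executable on a host unrelated to the sender's domain. A detection sketch for that shape follows, as an added example that is not part of the original post; the function names are hypothetical and the sample message and its hostnames are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Extensions treated as directly executable on Windows (assumed list, extend as needed).
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
LINK_RE = re.compile(r"<(https?://[^>\s]+)>")                  # <url> links as rendered in text mail
FROM_RE = re.compile(r"^From:\s*[^\s@]+@([A-Za-z0-9.-]+)", re.M)

def same_site(host, sender_domain):
    """True when the link host is the sender's domain or a subdomain of it."""
    host, sender_domain = host.lower(), sender_domain.lower()
    return host == sender_domain or host.endswith("." + sender_domain)

def score_lure(message):
    """Return (url, count, reasons) for every link that targets an executable."""
    m = FROM_RE.search(message)
    sender = m.group(1) if m else ""
    findings = []
    for url, count in Counter(LINK_RE.findall(message)).items():
        parsed = urlparse(url)
        if not parsed.path.lower().endswith(EXEC_EXT):
            continue                                   # not a direct executable download
        reasons = ["executable"]
        if sender and not same_site(parsed.hostname or "", sender):
            reasons.append("off-domain")               # hosted away from the claimed sender
        if count > 1:
            reasons.append("repeated")                 # same target behind several links
        findings.append((url, count, reasons))
    return findings

# Constructed sample modelled on the structure of the lure above (hostnames are placeholders).
SAMPLE = """\
From: cartoes@cards.example [mailto:cartoes@cards.example]
Subject: You received a virtual card!
<http://files.example.net/Upimages/cartao.exe>
Click <http://files.example.net/Upimages/cartao.exe> here to view your card
<http://www.cards.example/>
"""

if __name__ == "__main__":
    for url, count, reasons in score_lure(SAMPLE):
        print(count, url, ",".join(reasons))
```
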