-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Panda Consulting S.A. Luis Alberto Arango
Sent: Wednesday, January 25, 2006 4:56 PM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] Virus Feebs variant warning

I just got a message from a gmail account (forged) with a data.zip attached. It has an hta file inside.

Subject: Secure Mail

The body says:

ID: 46271
Password: zgbvndwdx
Message is attached.
Sincerely,
Protected Mail System,
Gmail.com

Using virustotal.com, it is only caught by very few companies.
This is a report processed by VirusTotal on 01/26/2006 at 01:38:32 (CET) after
scanning the file "data.zip" file.

Antivirus | Version | Update | Result
AntiVir | 6.33.0.77 | 01.25.2006 | no virus found
Avast | 4.6.695.0 | 01.25.2006 | no virus found
AVG | 718 | 01.25.2006 | Worm/Feebs
Avira | 6.33.0.77 | 01.25.2006 | no virus found
BitDefender | 7.2 | 01.26.2006 | no virus found
CAT-QuickHeal | 8.00 | 01.25.2006 | no virus found
ClamAV | devel-20051123 | 01.26.2006 | no virus found
DrWeb | 4.33 | 01.25.2006 | Win32.HLLM.Graz
eTrust-InoculateIT | 23.71.60 | 01.25.2006 | no virus found
eTrust-Vet | 12.4.2056 | 01.25.2006 | Win32/Feeb!ZIP
Ewido | 3.5 | 01.25.2006 | no virus found
Fortinet | 2.54.0.0 | 01.26.2006 | JS/Feebs.fam-mm
F-Prot | 3.16c | 01.25.2006 | no virus found
Ikarus | 0.2.59.0 | 01.25.2006 | no virus found
Kaspersky | 4.0.2.24 | 01.25.2006 | Worm.Win32.Feebs.gen
McAfee | 4682 | 01.25.2006 | no virus found
NOD32v2 | 1.1380 | 01.25.2006 | JS/TrojanDownloader.Tivso.gen
Norman | 5.70.10 | 01.25.2006 | JS/[EMAIL PROTECTED]
Panda | 9.0.0.4 | 01.25.2006 | no virus found
Sophos | 4.01.0 | 01.25.2006 | no virus found
Symantec | 8.0 | 01.26.2006 | W32.Feebs
TheHacker | 5.9.3.081 | 01.26.2006 | no virus found
UNA | 1.83 | 01.25.2006 | no virus found
VBA32 | 3.10.5 | 01.25.2006 | no virus found

F-Prot, McAfee and ClamAV are not catching it.
Meanwhile, I am banning it via the body of the email, catching "Protected Mail System".