-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Panda Consulting S.A. Luis Alberto Arango
Sent: Wednesday, January 25, 2006 4:56 PM
To: Declude.Virus@declude.com
Subject: [Declude.Virus] Virus Feebs variant warning

I just got a message from a Gmail account (forged) with a data.zip attached. It has an hta file inside.

subject: Secure Mail

The body says

ID: 46271
Password: zgbvndwdx
Message is attached.
Sincerely,
Protected Mail System,
Gmail.com

Using virustotal.com it is only caught by very few companies.

This is a report processed by VirusTotal on 01/26/2006 at 01:38:32 (CET) after scanning the file "data.zip" file.

Antivirus | Version | Update | Result |
AntiVir | 6.33.0.77 | 01.25.2006 | no virus found |
Avast | 4.6.695.0 | 01.25.2006 | no virus found |
AVG | 718 | 01.25.2006 | Worm/Feebs |
Avira | 6.33.0.77 | 01.25.2006 | no virus found |
BitDefender | 7.2 | 01.26.2006 | no virus found |
CAT-QuickHeal | 8.00 | 01.25.2006 | no virus found |
ClamAV | devel-20051123 | 01.26.2006 | no virus found |
DrWeb | 4.33 | 01.25.2006 | Win32.HLLM.Graz |
eTrust-InoculateIT | 23.71.60 | 01.25.2006 | no virus found |
eTrust-Vet | 12.4.2056 | 01.25.2006 | Win32/Feeb!ZIP |
Ewido | 3.5 | 01.25.2006 | no virus found |
Fortinet | 2.54.0.0 | 01.26.2006 | JS/Feebs.fam-mm |
F-Prot | 3.16c | 01.25.2006 | no virus found |
Ikarus | 0.2.59.0 | 01.25.2006 | no virus found |
Kaspersky | 4.0.2.24 | 01.25.2006 | Worm.Win32.Feebs.gen |
McAfee | 4682 | 01.25.2006 | no virus found |
NOD32v2 | 1.1380 | 01.25.2006 | JS/TrojanDownloader.Tivso.gen |
Norman | 5.70.10 | 01.25.2006 | JS/[EMAIL PROTECTED] |
Panda | 9.0.0.4 | 01.25.2006 | no virus found |
Sophos | 4.01.0 | 01.25.2006 | no virus found |
Symantec | 8.0 | 01.26.2006 | W32.Feebs |
TheHacker | 5.9.3.081 | 01.26.2006 | no virus found |
UNA | 1.83 | 01.25.2006 | no virus found |
VBA32 | 3.10.5 | 01.25.2006 | no virus found |

F-Prot, McAfee, ClamAV are not catching it.

Meanwhile I am banning it via the body of the email, catching "Protected Mail System".
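
The body-phrase ban described in the message above, combined with a check for the attachment it reports (a ZIP holding an .hta file), as an added Python example that is not part of the original post and is not Declude filter syntax. The function names, the sample addresses and the member name `message.hta` are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BODY_MARKER = "protected mail system"  # phrase the poster bans on
RISKY_EXTENSIONS = (".hta",)            # file type reported inside data.zip

def zip_has_risky_member(data: bytes) -> bool:
    """True if data is a ZIP archive holding a member with a risky extension."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            return any(name.lower().endswith(RISKY_EXTENSIONS)
                       for name in archive.namelist())
    except zipfile.BadZipFile:
        return False  # unreadable archive: no match here, handle separately

def inspect_message(raw: bytes) -> dict:
    """Report which indicators from the warning appear in one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    # Collapse whitespace so a phrase wrapped across lines still matches.
    marker = BODY_MARKER in " ".join(text.lower().split())
    hta_in_zip = any(
        zip_has_risky_member(part.get_payload(decode=True) or b"")
        for part in msg.iter_attachments()
        if (part.get_filename() or "").lower().endswith(".zip")
    )
    return {"body_marker": marker, "hta_in_zip": hta_in_zip,
            "hold": marker or hta_in_zip}

def build_sample(body: str, member: str) -> bytes:
    """Constructed test message: ZIP attachment with one harmless text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member, "placeholder content, not a real sample")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Secure Mail"
    msg.set_content(body)
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="data.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    lure = "Message is attached.\nSincerely,\nProtected Mail\nSystem,\nGmail.com\n"
    print(inspect_message(build_sample(lure, "message.hta")))
```

Matching on the archive contents as well as the body phrase keeps the rule effective if the wording of the lure changes while the attachment type stays the same.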