September 25th, 2006, 04:55 PM
Virus Circulating Via Email
I was just about to head off to work when I did one last check of my email… and what do I see but an email with the subject ‘Mail Server Report’… The address doesn’t look familiar, but I’ve received a few of these lately from various mailing list submissions. This was the content of the email I opened:
Mail server report.
Our firewall determined the e-mails containing worm copies are being sent from your computer.
Nowadays it happens from many computers, because this is a new virus type (Network Worms).
Using the new bug in the Windows, these viruses infect the computer unnoticeably.
After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail
Please install updates for worm elimination and your computer restoring.
Customers support service
I’m rather impressed…. these bastards are getting slicker and slicker…. or maybe this has been around for a while and I just don’t pay much attention… Attached to the email was the file Update-KB8375-x86.zip.
I submitted the file to VirusTotal and here’s what I got back:
It’s great to know that Symantec (one of the more favoured corporate AVs) and AVG (a very popular Free scanner) knew nothing of this virus yet…. If anyone is interested in the file for research or just to play with, let me know
Complete scanning result of “Update-KB8375-x86.exe”, received in VirusTotal at 09.25.2006, 15:50:55 (CET).
Antivirus Version Update Result AntiVir 220.127.116.11 09.25.2006 Worm/Stration.C
Authentium 4.93.8 09.25.2006 no virus found
Avast 4.7.844.0 09.25.2006 no virus found
AVG 386 09.22.2006 no virus found
BitDefender 7.2 09.25.2006 DeepScan:Generic.Stration.F614E1C9
CAT-QuickHeal 8.00 09.25.2006 (Suspicious) - DNAScan
ClamAV devel-20060426 09.25.2006 no virus found
eTrust-InoculateIT 23.73.4 09.24.2006 Win32/Stration.Variant!Worm
eTrust-Vet 30.3.3098 09.25.2006 no virus found
DrWeb 4.33 09.22.2006 no virus found
Ewido 4.0 09.25.2006 no virus found
Fortinet 18.104.22.168 09.25.2006 suspicious
F-Prot 3.16f 09.25.2006 no virus found
F-Prot4 22.214.171.124 09.25.2006 no virus found
Ikarus 0.2.65.0 09.25.2006 no virus found
Kaspersky 126.96.36.199 09.25.2006 no virus found
McAfee 4858 09.22.2006 New Malware.n
Microsoft 1.1560 09.24.2006 no virus found
NOD32v2 1.1774 09.25.2006 a variant of Win32/Stration
Norman 5.80.02 09.25.2006 no virus found
Panda 188.8.131.52 09.25.2006 Suspicious file
Sophos 4.09.0 09.25.2006 W32/Stratio-AN
Symantec 8.0 09.25.2006 no virus found
TheHacker 6.0.1.079 09.25.2006 no virus found
UNA 1.83 09.22.2006 no virus found
VBA32 3.11.1 09.25.2006 no virus found
VirusBuster 4.3.7:9 09.25.2006 Trojan.Opnis.Gen!Pac2
Aditional Information File size: 116144 bytes
PS, a nicely formatted version of this is available @ http://www.computerdefense.org/?p=111
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".