Minden
12/08/05, 12:03:22
With two attached files:
To_reduce_the_tax.rar
Increase_in_the_tax.rar
Norton Antivirus didn't detect anything, and since they looked suspicious to me I ran LiveUpdate and scanned them again afterwards: still nothing. I sent them to Panda, Virus-Doctor and F-Secure, and this is what they replied:
Hello,
Please note that our contact point has changed:
http://support.f-secure.com/enu/home/contactus/
> Password: virus
These RAR files contain samples of Bagle-related downloaders. We already
detect them, see the report:
-----------------------------------------------------------
Scanning Report
12 August 2005 12:40:13 - 12:40:13
Scanning type: Scan target for viruses
Target: C:\1
Result: 2 malware found
Email-Worm.Win32.Bagle.cf (virus)
* C:\1\Increase_in_the_tax.rar\Taxes.exe
* C:\1\To_reduce_the_tax.rar\Taxes.exe
-----------------------------------------------------------
The description of this malware can be found here:
http://www.europe.f-secure.com/v-descs/bagle_cf.shtml
Regards,
Dear Francisco G.,
This is to notify you of the results of your submission, issue number
606110. Thank you for emailing CA Security Advisor.
We have successfully received the following files, and present to you
our preliminary findings based on automated analysis:
FILE                        SIZE     CONCLUSION
------------------------------------------------------------------------
mailpart1                   299
------------------------------------------------------------------------
virus.zip                   36478    clean
------------------------------------------------------------------------
Increase_in_the_tax.rar     18080    clean
------------------------------------------------------------------------
Taxes.exe                   36352    malware
------------------------------------------------------------------------
wiwshost.exe                9216     malware
------------------------------------------------------------------------
To_reduce_the_tax.rar       18080    clean
------------------------------------------------------------------------
Taxes.exe                   36352    malware
------------------------------------------------------------------------
wiwshost.exe                9216     malware
------------------------------------------------------------------------
You are receiving this message because you have either contacted our
support team, or submitted a file directly to 'Virtue'. 'Virtue' is an
acronym for "*Virus Information Replication and Tracking system for
Users and Experts*".
Virtue is available 24 hours a day, 7 days a week and is used by
Computer Associates' teams of Antivirus and Spyware Researchers to
assist them in the process of malware and spyware classification. For
more information about Virtue, please visit
http://www3.ca.com/Solutions/Collateral.asp?CID=53725&ID=
This automated scanning service "Virtue" complements our regular
technical support service. It is not a replacement for it. For
technical support please visit http://www.ca.com/about/support.htm.
If you would like to comment on the quality of this automated service,
please send your suggestion to virtue.feedback@ca.com .
CA Security Advisor
------------------------------------------------------------------------
For the latest security advisories, including detailed analysis of the
latest vulnerabilities, viruses, trojans, worms and spyware, and for
complete information on how to protect yourself or your organization,
please visit
http://www.ca.com/securityadvisor
FILE
------------------------------------------------------------------------
mailpart1
------------------------------------------------------------------------
This file is being analyzed by our researchers. We will inform you of
their findings as soon as the analysis is complete.
FILE
------------------------------------------------------------------------
virus.zip
------------------------------------------------------------------------
The PkWare Zip Archive file "virus.zip" has been determined to be
clean. For the results of files contained please see below.
FILE
------------------------------------------------------------------------
Increase_in_the_tax.rar
------------------------------------------------------------------------
The PkWare Zip Archive file "Increase_in_the_tax.rar" has been
determined to be clean. For the results of files contained please see
below. Such files normally need the "zip" extension to be opened.
FILE
------------------------------------------------------------------------
Taxes.exe
------------------------------------------------------------------------
The Windows PE (I386,EXE) file "Taxes.exe" has been determined to be
malicious. The file has been identified as Win32.Glieder!generic
trojan.
Aliases reported by other AV products are listed here:
(W32/Mitglieder.EO) (W32/Bagle.dldr.gen) (Trojan.Tooso.L)
CA antivirus products address this malware as follows:
------------------------------------------------------
eTrust Antivirus 6.x/v7 (Vet Engine)
Engine      Update version    Last Update
11.9.1      11.9.9332         12 Aug
Please check for the latest signature updates.
eTrust Antivirus 6.x/v7 (InoculateIT Engine)
The detection is not available with the default settings. Please
select "Reviewer" mode in the advanced scan options.
Engine      Update version    Last Update
23.70.0     23.70.2           12 Aug
Please check for the latest signature updates.
FILE
------------------------------------------------------------------------
wiwshost.exe
------------------------------------------------------------------------
The Windows PE (I386,DLL) file "wiwshost.exe" has been determined to be
malicious. The file has been identified as Win32.Glieder!generic
trojan.
Aliases reported by other AV products are listed here:
(Trojan.Tooso.L)
CA antivirus products address this malware as follows:
------------------------------------------------------
eTrust Antivirus 6.x/v7 (Vet Engine)
Engine      Update version    Last Update
11.9.1      11.9.9332         12 Aug
Please check for the latest signature updates.
eTrust Antivirus 6.x/v7 (InoculateIT Engine)
We will inform you by email ASAP when we have a signature update
available providing detection.
FILE
------------------------------------------------------------------------
To_reduce_the_tax.rar
------------------------------------------------------------------------
The PkWare Zip Archive file "To_reduce_the_tax.rar" has been determined
to be clean. For the results of files contained please see below. Such
files normally need the "zip" extension to be opened.
FILE
------------------------------------------------------------------------
Taxes.exe
------------------------------------------------------------------------
The Windows PE (I386,EXE) file "Taxes.exe" has been determined to be
malicious. The file has been identified as Win32.Glieder!generic
trojan.
Aliases reported by other AV products are listed here:
(W32/Mitglieder.EO) (W32/Bagle.dldr.gen) (Trojan.Tooso.L)
CA antivirus products address this malware as follows:
------------------------------------------------------
eTrust Antivirus 6.x/v7 (Vet Engine)
Engine      Update version    Last Update
11.9.1      11.9.9332         12 Aug
Please check for the latest signature updates.
eTrust Antivirus 6.x/v7 (InoculateIT Engine)
The detection is not available with the default settings. Please
select "Reviewer" mode in the advanced scan options.
Engine      Update version    Last Update
23.70.0     23.70.2           12 Aug
Please check for the latest signature updates.
FILE
------------------------------------------------------------------------
wiwshost.exe
------------------------------------------------------------------------
The Windows PE (I386,DLL) file "wiwshost.exe" has been determined to be
malicious. The file has been identified as Win32.Glieder!generic
trojan.
Aliases reported by other AV products are listed here:
(Trojan.Tooso.L)
CA antivirus products address this malware as follows:
------------------------------------------------------
eTrust Antivirus 6.x/v7 (Vet Engine)
Engine      Update version    Last Update
11.9.1      11.9.9332         12 Aug
Please check for the latest signature updates.
eTrust Antivirus 6.x/v7 (InoculateIT Engine)
We will inform you by email ASAP when we have a signature update
available providing detection.
Which confirms the usual: Norton is crap. I normally have KAV, but since I formatted I installed Norton 2004 provisionally.