Nope not worms. 1 Trojan and 1 Backdoor
(although backdoors are under Trojans, and are classified as Remote
Access Trojans, but as usual, I digress).
Attachment names are:
- WithLove.zip (extracts as: “WithLove.jpg [looooots of spaces].exe”)
- eirhb.zip (extracts as: “eirhb.txt [again looots of spaces].exe”)
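
The long run of spaces pushes the real `.exe` extension out of view, so the file appears to be a `.jpg` or `.txt`. As an added example (not part of the original post), here is a Python check a mail gateway or triage script could run over a zip attachment to flag such member names; the extension list, the padding threshold and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Extensions Windows runs directly (assumed list for this example).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}

# "<name>.<decoy ext><whitespace run>.<real ext>" at the end of a file name.
PADDED_NAME = re.compile(r"\.(?P<decoy>\w{1,5})(?P<pad>\s+)\.(?P<real>\w{1,5})$")


def find_padded_executables(zip_bytes, min_pad=3):
    """Return (name, decoy_ext, real_ext, pad_len) for each padded executable."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            base = info.filename.rsplit("/", 1)[-1]  # ignore directory part
            match = PADDED_NAME.search(base)
            if not match or len(match.group("pad")) < min_pad:
                continue
            real = match.group("real").lower()
            if real in EXECUTABLE_EXTS:
                hits.append((info.filename, match.group("decoy").lower(),
                             real, len(match.group("pad"))))
    return hits


def build_sample_zip():
    """Constructed sample: placeholder bytes, pad lengths chosen arbitrarily."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("WithLove.jpg" + " " * 60 + ".exe", b"placeholder")
        archive.writestr("eirhb.txt" + " " * 40 + ".exe", b"placeholder")
        archive.writestr("holiday photo.jpg", b"placeholder")
        archive.writestr("setup.exe", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, decoy, real, pad in find_padded_executables(build_sample_zip()):
        print(f"{name[:12]!r}...: shown as .{decoy}, runs as .{real}, {pad} pad chars")
```
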
The current detections are (based on MIST):
WithLove.zip (29,459 bytes)
- TrendMicro : PAK_Generic.001
- Symantec : NO_VIRUS
- Kaspersky : Trojan-Spy.Win32.Goldun.fj
- McAfee : Generic Malware.a!zip
- Sophos : NO_VIRUS
- Panda : NO_VIRUS
eirhb.zip (108,296 bytes)
- TrendMicro : Possible_Virus
- Symantec : NO_VIRUS
- Kaspersky : Backdoor.Win32.SdBot.xd
- McAfee : Generic Malware.a!zip
- Sophos : NO_VIRUS
- Panda : NO_VIRUS
How come this wasn’t posted under the advisories, you say? Well, as
you may have noticed, the advisories include email details. For
these 2 malware samples, we do not yet have the email details, but our
sources indicate that these came from spammed emails.
Update (JJ, 02 December 2005 21:53:56)
Well well what do you know, the supposed
“Backdoor” is really a worm and will be detected as WORM_MYTOB.NF,
while the “WithLove” will be detected as TSPY_GOLDUN.BA. :D
Update (JJ, 02 December 2005 22:55:32)
Finally! An actual email sample from
WORM_MYTOB.NF! Check out the advisories page for the usual stuff.