New variant of Feebs

New variant of Feebs

Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Anti-Virus Software    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
New variant of Feebs Art 01-25-2006
Posted by Art on January 25, 2006, 6:20 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Kaspersky alerted as Worm.Win32.Feebs.gen on a email
attackment that came through as message.zip
The message reads as:
********************
ID: 46916
Password: cdmmaieos

Message is attached.

Thank you,
Encrypted Message Service,
MSN.com
*******************
However, it's not a password protected zip. The content
is a .HTA file.

Very few av scanners alert, according to Virus Total and
jotti. In fact, Virus Total didn't show KAV as alerting,
suggesting KAV hadn't yet been updated there when
I tried it. The attackment got through my ISP's
av scanner (I rarely see email attackments).

Art
http://home.epix.net/~artnpeg

Posted by Ian Kenefick on January 25, 2006, 7:21 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Art wrote:
> Kaspersky alerted as Worm.Win32.Feebs.gen on a email
> attackment that came through as message.zip

<snip>

> Very few av scanners alert, according to Virus Total and
> jotti. In fact, Virus Total didn't show KAV as alerting,
> suggesting KAV hadn't yet been updated there when
> I tried it. The attackment got through my ISP's
> av scanner (I rarely see email attackments).

Kaspersky added an update for feebs.gen 2 days ago so I think that this
is not the reason for virustotal not detecting this.

http://www.kaspersky.com/viruswatchlite?search_virus=feebs&hour_offset=-3
shows that kaspersky added detection for a new variant today though.

--
Ian Kenefick
http://www.ik-cs.com
ian@ik-cs.com

Posted by Ian Kenefick on January 25, 2006, 7:27 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Art wrote:
> Kaspersky alerted as Worm.Win32.Feebs.gen on a email
> attackment that came through as message.zip

The detection for a new variant was added tonight. You can see the
detections to date for this here..

http://www.kaspersky.com/viruswatchlite?search_virus=feebs&hour_offset=-3


--
Ian Kenefick
http://www.ik-cs.com
ian@ik-cs.com

Similar ThreadsPosted
Re: New variant? July 1, 2008, 9:09 am
Another Mytob variant November 27, 2005, 8:56 am
New Haxdoor Variant August 13, 2006, 9:11 pm
Key Logger variant? November 5, 2006, 10:09 pm
New Storm variant? September 6, 2007, 11:00 am
Newer Mytob variant September 7, 2005, 12:42 pm
Re: Newer Mytob variant September 7, 2005, 2:53 pm
New email worm variant February 6, 2007, 12:59 pm
New Variant of Gpcode Found June 9, 2008, 2:33 pm

The site map in XML format XML site map

Contact Us | Privacy Policy