New virus variants (Zbot, Trojan Downloader, Artemis) from email sender

Dear All,

Today our workmate’s Outlook received some attached files which avast has not recognized yet.

There are three attached files, which have been submitted to avast already.

Please find the additional information:

According to online virus scanners:

File_13671 Folder: (Identified as Artemis variants by McAfee and Trojan Packed by Dr.Web)

http://www.virustotal.com/analisis/e42697e0a3e09da3dfdb90bee85c24413e5ba289c4412a10c516d8aaabbd065d-1281152133
http://virusscan.jotti.org/en/scanresult/76e63a9e5205dd453c8ae04447e33adce205c0c0/2cb58b5f0feb2be52942e06f98e0a26c8a186e5a

Tax Statement Folder: (Most antivirus engines identified it as Zbot variants)

http://www.virustotal.com/analisis/b24b1219af68aae74f414580031cb4f63d3574cc45e2c30bb044b7f7b7cb9d9d-1281147201
http://virusscan.jotti.org/en/scanresult/4885a6963528ecc0941b9c1b282d8ef1124a0458/5d60cdd3e66f00f8784c6c06c5f3d0726b3a931d

YouSendIt reader Folder: (Most antivirus engines identified it as Trojan Downloader variants)

http://www.virustotal.com/analisis/b2f337e9fdd70e971658138a7cfd28f6c0dfc5050dbd9106cc28ba8cb45e482f-1281151860
http://virusscan.jotti.org/en/scanresult/7a6e915d329ed77a90c5828ddaa003ba2fa88e14/33b4dffb957f241b137e25a409a89e4b1d929008

I uploaded the sample of the virus to MediaFire:
http://www.mediafire.com/?jm650unn7i4c9hn

(Please don’t click the exe file if you don’t have any experience in the virus or malware world)

cheers,

I’ve submitted them to several others that weren’t detecting them.

Hi Marc57,

Thanks for sharing. By the way, which several others do you mean?

cheers,

Symantec, virobot, f-secure, Microsoft, Nod 32

I swear Symantec is FAST. I uploaded file_13671 to their site. They sent me an e-mail that they got it, and TWO minutes later I got a second e-mail that said it was malware and if I was using their product I could have downloaded the defs. Now THAT’S fast.

Hi Marc57,

Fast, but please make sure that Symantec can clean out all the stuff,
because some AV engines can only detect it but can’t clean it out.

cheers,

I’m not using Symantec, I just try to send new malware to as many as I can, to make sure others are protected.

Hi Marc57,

Oh, I see.
So that would be a good response from Symantec. ;D

Here’s the new update:

avast! [YANTOCHIANG-PC]: File “C:\Users\YantoChiang\Desktop\Viruses\new virus\file_13671\file_13671.exe” is infected by “Win32:Oficla-X [Wrm]” virus.

avast! [YANTOCHIANG-PC]: File “C:\Users\YantoChiang\Desktop\Viruses\new virus\tax_statement\tax_statement.exe” is infected by “Win32:Trojan-gen” virus

avast! [YANTOCHIANG-PC]: File “C:\Users\YantoChiang\Desktop\Viruses\new virus\YouSendIt_reader\YouSendIt_reader.exe” is infected by “Win32:Fitmu-B [Spy]” virus.

Nice update,

cheers,