Nice catch…! :slight_smile:

http://www.virustotal.com/file-scan/report.html?id=305c4e7165d53f37fe537c53c9067518dcc069e55f58473fcba607c5b5d665ba-1323451619

Rogue.FakeHDD

Hi razoreqx,

Same category: http://www.virustotal.com/file-scan/report.html?id=e4e269d9ad00071607b85105055b223b781fc7ab0f0df70f79f084ae0d639304-1323464483
See this analysis, based on same MD5 hash: http://camas.comodo.com/cgi-bin/submit?file=e4e269d9ad00071607b85105055b223b781fc7ab0f0df70f79f084ae0d639304

This is how DrWeb’s URL scanner detected this malware:
Checking: -http://46.166.157.31/up_4.exe
Engine version: 5.0.2.3300
Total virus-finding records: 2910580
File size: 169.50 KB
File MD5: 0f38403648d34e9987abf501af245973

-http://46.166.157.31/up_4.exe packed by UPX

-http://46.166.157.31/up_4.exe infected with BackDoor.IRC.NgrBot.42

reported to virus AT avast dot com,

polonus

Winlock aka Ransom

http://www.virustotal.com/file-scan/report.html?id=9533fad13324e0aa16ec9d7250753a28ea7ec1972c946c0dd9eb502ffd73372d-1323503872

http://www.virustotal.com/file-scan/report.html?id=b71cc22b75dde1610ba065151f87735d2715c4d4414846a68aca9b59dae9874b-1323504047

http://www.virustotal.com/file-scan/report.html?id=4b5a061be2f901a13ecb6b53cb3bf5ba111ae5cf53187cd7fae496d6822040ab-1323545076

http://www.virustotal.com/file-scan/report.html?id=cc8b56624eb01e5b1ed97176beee1069a0feedd3a889df726797b22e63efb8f1-1323545889

reported to virus AT avast dot com

http://www.virustotal.com/file-scan/report.html?id=afe2dad20ed7197d4c5ea434754a8244ab74dca897eed1be406c49312410911f-1323690671

Win32/Kryptik.XDF

Sample uploaded

http://www.virustotal.com/file-scan/report.html?id=e0418aedec38ddd20ec322c736c1090f88de9522d00f49289c8cabb65e91d35d-1323691928
Rogue.FakeRean
Sample uploaded.

GET /SecureKit2011.exe HTTP/1.0
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: hxxp://ihbbdbungles.info/global-scan/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; WinTSI 08.01.2010; .NET4.0C; .NET4.0E)
Host: ihbbdbungles.info
Connection: keep-alive
Via: 1.1 OHAEPHQAS700
HTTP/1.1 200 OK
Server: nginx/1.0.5
Date: Sun, 11 Dec 2011 19:40:22 GMT
Content-Type: application/x-msdownload
Connection: keep-alive
Last-Modified: Sun, 11 Dec 2011 19:37:03 GMT
ETag: "4e6d9e-44e00-4b3d6247715c0"
Accept-Ranges: bytes
Content-Length: 282112
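As an added example (not the poster's code, and not any avast or DrWeb tooling), the Python below parses a request/response capture like the one quoted above and reports the signals a defender would pull from it before blocking or hunting: an executable MIME type, an executable path, the landing page the download was initiated from, and a payload whose Last-Modified sits only minutes before the Date it was served. The sample exchange is constructed from the one quoted in this post (Accept and User-Agent headers shortened, hxxp:// defanging kept); the one-hour "fresh build" window and the set of executable types are this example's own assumptions.

```python
"""Flag an executable download in a captured HTTP request/response pair.

Added example for this thread, not code from the original post. The sample
exchange is constructed from the one quoted in the post (headers shortened,
hxxp:// defanging kept). The heuristics below are this example's own
assumptions, not any vendor's detection logic.
"""
from email.utils import parsedate_to_datetime
from typing import Dict, List, Tuple

CAPTURED_EXCHANGE = """GET /SecureKit2011.exe HTTP/1.0
Accept: image/gif, image/jpeg, application/x-shockwave-flash, application/msword, */*
Referer: hxxp://ihbbdbungles.info/global-scan/
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Host: ihbbdbungles.info
Connection: keep-alive
Via: 1.1 OHAEPHQAS700
HTTP/1.1 200 OK
Server: nginx/1.0.5
Date: Sun, 11 Dec 2011 19:40:22 GMT
Content-Type: application/x-msdownload
Connection: keep-alive
Last-Modified: Sun, 11 Dec 2011 19:37:03 GMT
ETag: "4e6d9e-44e00-4b3d6247715c0"
Accept-Ranges: bytes
Content-Length: 282112
"""

# MIME types that mean "Windows binary" whatever the URL looks like (assumption).
EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-dosexec",
                    "application/x-msdos-program"}
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".msi")
# A payload modified less than this many seconds before being served counts as
# "freshly built", as rogue-AV kits repacked per campaign tend to be (assumption).
FRESH_BUILD_WINDOW = 3600


def parse_message(lines: List[str]) -> Tuple[str, Dict[str, str]]:
    """Split one HTTP message into its start line and a lower-cased header dict."""
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block; a body is not parsed here
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def split_exchange(text: str):
    """Cut a request+response capture at the first 'HTTP/x.y <status>' line."""
    lines = [ln.rstrip("\r") for ln in text.strip("\n").splitlines()]
    for i, line in enumerate(lines):
        if i > 0 and line.startswith("HTTP/"):
            return parse_message(lines[:i]), parse_message(lines[i:])
    raise ValueError("no response status line found")


def analyze_exchange(text: str) -> Dict[str, object]:
    """Return the indicators and the reasons the exchange looks like a malware drop."""
    (req_line, req), (status_line, resp) = split_exchange(text)
    method, path, _ = req_line.split(" ", 2)
    content_type = resp.get("content-type", "").split(";")[0].strip().lower()
    is_exe = content_type in EXECUTABLE_TYPES or path.lower().endswith(EXECUTABLE_EXTENSIONS)
    reasons: List[str] = []

    if content_type in EXECUTABLE_TYPES:
        reasons.append(f"served as {content_type}")
    if path.lower().endswith(EXECUTABLE_EXTENSIONS):
        reasons.append(f"requested path {path} is an executable")
    referer = req.get("referer")
    if referer and is_exe:
        reasons.append(f"download initiated from page {referer}")

    age = None  # seconds between Last-Modified and Date, if both are present
    if "date" in resp and "last-modified" in resp:
        served = parsedate_to_datetime(resp["date"])
        built = parsedate_to_datetime(resp["last-modified"])
        age = int((served - built).total_seconds())
        if 0 <= age < FRESH_BUILD_WINDOW:
            reasons.append(f"payload modified only {age}s before it was served")

    return {
        "method": method,
        "host": req.get("host", ""),
        "path": path,
        "status": status_line,
        "content_type": content_type,
        "content_length": int(resp.get("content-length", "0") or 0),
        "age_seconds": age,
        "suspicious": is_exe,
        "reasons": reasons,
    }


if __name__ == "__main__":
    result = analyze_exchange(CAPTURED_EXCHANGE)
    print(f"{result['host']}{result['path']} -> {result['content_length']} bytes, "
          f"{result['content_type']}")
    for reason in result["reasons"]:
        print("  -", reason)
```

The host and path in the result are what goes into a proxy block list or a hunt query; the reasons list is what the analyst reads. Note the Date/Last-Modified gap (199 seconds here) is only a weak signal on its own, but combined with an executable served from a "global-scan" landing page it is the classic rogue-AV pattern this thread keeps reporting.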

VirusTotal - 10/43 - SkyKeygen Avast 6.x.x.exe
http://www.virustotal.com/file-scan/report.html?id=794c9496ba67d57f2efcbe14ad1c7ce3e4f8744d7c73933b31f9f918cffd79bf-1323722776

soon in avast inbox :wink:

ThreatExpert
http://www.threatexpert.com/report.aspx?md5=3687024420926c956f6260405aa08592

Trojan.FakeAlert
file: scandsk.exe
http://virusscan.jotti.org/en/scanresult/0fb58945fd6cadafc9c03010c7bceebc5691a315

http://www.metascan-online.com/results.cgi?uid=gu4camxrse0oaaci043y25zp5tn4p9cx

ThreatExpert.
http://www.threatexpert.com/report.aspx?md5=8fa84e89b3d20659a6c9aec9bb5b0829

Sample Sent.

Zeus config URL not detected; Zeus C&C everest-club dot ru: http://vscan.urlvoid.com/analysis/b1bf3c1430056ba2fefcc718f8e3be29/d2UtZXhl/
See: http://siteinspector.comodo.com/public/reports/show_log?id=5953

polonus

Trojan.Karagany

http://www.virustotal.com/file-scan/report.html?id=6e8ef8e2e14589787c54add5673570491a577473fae45e1eca626ff71a075369-1323876452

http://camas.comodo.com/cgi-bin/submit?file=6e8ef8e2e14589787c54add5673570491a577473fae45e1eca626ff71a075369

http://www.threatexpert.com/report.aspx?md5=59392f88262a30db38f29486b46bb7b6

Undetected, PUP, riskware or FP?

http://www.virustotal.com/url-scan/report.html?id=6c9e59e62b725654da98b9bf4be2927b-1323874134
&
http://www.virustotal.com/url-scan/report.html?id=6c9e59e62b725654da98b9bf4be2927b-1323874134
&
http://camas.comodo.com/cgi-bin/submit?file=9fa77a2795e02b6c3932a517cb573eb520c2421c9d78f79a003b4e06eb91fcce&iframe=

Last scan gives undetected; see: http://urlquery.net/queued.php?id=11825 (suspicious)

polonus

See: http://www.virustotal.com/url-scan/report.html?id=a194e954d39c0dd69ffb05f6c652e712-1323874466
&
http://www.virustotal.com/file-scan/report.html?id=8d08a15049f68e1352f08b2ac0b32b8d642c176801821811a235bf6ddf6bcc1a-1323878220

Here detected by DrWeb URL checker:

-http://u.websuprt.co.kr/NewSidebar/webSupporter/webSurt.exe
Engine version: 5.0.2.3300
Total virus-finding records: 2928866
File size: 317.96 KB
File MD5: 5b1c5f2547628a212d403abd3f62cc9b

-http://u.websuprt.co.kr/NewSidebar/webSupporter/webSurt.exe contains an advertising software Adware.Searcher.1334

reported to virus AT avast dot com, could be added as PUP (so won’t be seen, but can be added)

pol

Submitted via Virus Chest.

http://virusscan.jotti.org/en/scanresult/6aaefaeb55cdae5e001f9b6f4e29b4049772e971

http://www.threatexpert.com/report.aspx?md5=b69811163d48fc9ef16a939242dcbacc

WORM/Dorkbot.AD.1 not detected: http://www.virustotal.com/file-scan/report.html?id=ca156ba8d276e76787e6d433a392c8f3dc9755d9954e7bcb6d5c68d80b1cd663-1323989079
See: http://camas.comodo.com/cgi-bin/submit?file=ca156ba8d276e76787e6d433a392c8f3dc9755d9954e7bcb6d5c68d80b1cd663
and
http://www.threatexpert.com/report.aspx?md5=1b52eeaf196290fade3a8c1ad62a8710
malicious: http://urlquery.net/report.php?id=12105

reported to virus AT avast dot com

polonus

See: http://www.virustotal.com/url-scan/report.html?id=ef0c31e8e60340a67f8a046f78e5d78c-1324059347
&
http://www.virustotal.com/file-scan/report.html?id=ca060c4b10b6a548cc50539ba38586fe51cee2cfc9bd27e5a83ccc74e333fccc-1324062950
TROJ_PIDEX.SMJ not detected
Anubis analysis report: http://anubis.iseclab.org/?action=result&task_id=117cadcbdf18399f4792ad31722f749db

polonus

TR/PSW.Zbot.Y.2067 not detected:
http://www.virustotal.com/url-scan/report.html?id=6acdbdc39e21f86dd10d720857812e41-1324060092
&
http://www.virustotal.com/file-scan/report.html?id=2c07f90d8890b04ef45528869daae4b9e307a94cb8a8e14801379b23a0a4bff4-1324063832

reported to virus at avast dot com

Well, and this one was in their own back garden: abuse at nethost dot cz

D

Detection of EXP/SWF.AH missed:
See: http://www.virustotal.com/url-scan/report.html?id=ab5f83eeac09e5ba58b7dbae15d7f1ff-1324127882
and
http://www.virustotal.com/file-scan/report.html?id=c2b39f12699301b18eba51660dd2e3991d58f3a48c2cf2dbb972e5110abc20ba-1324134052
Malware galore there: http://www.google.com/safebrowsing/diagnostic?site=http%3A//chat4freelab.in/content/field.swf

reported to virus AT avast dot com

polonus

Detection missed for worm: http://www.virustotal.com/url-scan/report.html?id=e9ad4368a9d455a0cc25c9671634b9bb-1324214647
and
http://www.virustotal.com/file-scan/report.html?id=98bce191023c09a8c0265668a1f8fedc05baeed2fba3d15bab3acad07132e13d-1324218382

polonus

Undetected malware

1: http://www.virustotal.com/file-scan/report.html?id=c16438de2cf1615ff5775ff8c3a6dfcd6c28b3490e611b02a26d7fe884e90aad-1324245994

2: http://www.virustotal.com/file-scan/report.html?id=0c59457bd4abeb6a7fb824ef9c297eb60ae5f8fa6b0a5966c93a39ef6165d7ce-1324246777

Is this the same, by the way? http://www.virustotal.com/file-scan/report.html?id=0c59457bd4abeb6a7fb824ef9c297eb60ae5f8fa6b0a5966c93a39ef6165d7ce-1324246777

a keyfinder setup executable

polonus