PCSL 可疑恶意网站每日分析 20081014

显示全部楼层 · 发表于 2008-10-14 21:24:10

hxxp://www.alpha-accz.ws/image.jpg.exe
hxxp://www.alpha-accz.ws/ri0t.exe
hxxp://virus-labs2009.com/distrib/1/virlab_install.exe
hxxp://125.91.10.231/js/suen.exe
hxxp://download.a-a-v-2008.com:8080/AAVSetup.exe
hxxp://www.lastwmpupdate.com/download.php?id=1684
hxxp://www.lastwmpupdate.com/download.php?id=417
hxxp://www.lastwmpupdate.com/download.php?id=1161
hxxp://www.lastwmpupdate.com/download.php?id=1640
hxxp://www.lastwmpupdate.com/download.php?id=1464

显示全部楼层 · 发表于 2008-10-14 21:28:52

HXXP真不爽

显示全部楼层 · 发表于 2008-10-14 21:36:19

今天几个体积较大。

显示全部楼层 · 发表于 2008-10-14 21:37:17

剩余TO KL

显示全部楼层 · 发表于 2008-10-14 21:43:27

点击下载样本
virus

.

[ 本帖最后由 zjsxsycj 于 2008-10-14 21:54 编辑 ]

显示全部楼层 · 发表于 2008-10-14 21:49:01

病毒 2008-10-14 21:48:10 病毒在文件C:\Documents and Settings\Administrator\桌面\suen.exe.td中 Win32.Parite.d.1436 处理成功（操作：删除）

显示全部楼层 · 发表于 2008-10-14 21:50:08

"Infections"
"File";"Infection";"Result"
"F:\新建文件夹 (2)\image.jpg.exe";"Trojan horse BackDoor.Ircbot.FQH";"Infected"
"F:\新建文件夹 (2)\ri0t.exe";"Trojan horse BackDoor.Ircbot.FQH";"Infected"
"F:\新建文件夹 (2)\suen.exe";"Trojan horse Flooder.H";"Infected"
"F:\新建文件夹 (2)\virlab_install.exe";"Trojan horse Generic_c.YOW";"Infected"
"F:\新建文件夹 (2)\virlab_install.exe:\$JF\VirRL2009.exe";"Trojan horse Generic_c.YOW";"Infected"

显示全部楼层 · 发表于 2008-10-14 21:51:28

hxxp://www.alpha-accz.ws/image.jpg.exe
hxxp://www.alpha-accz.ws/ri0t.exe

MD5 相同~

显示全部楼层 · 发表于 2008-10-14 22:00:28

Dear Sir Wangjay!

setup(1).exe_, setup(2).exe_, setup(3).exe_, setup(4).exe_, setup.exe_ - Trojan-Downloader.Win32.Zlob.rtg

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

This sample very good!

Please quote all when answering.
The answer is relevant to the latest bases from update sources.

--
Best regards, Andrey Ladikov
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

显示全部楼层 · 发表于 2008-10-14 22:20:44

Warning: The content of this website is part of a unwanted category: Malware

Requested URL: http://virus-labs2009.com/distrib/1/virlab_install.exe

Generated by AntiVir WebGuard 8.0.15.0, WCDB 7.0.1014.1230
Warning: The content of this website is part of a unwanted category: Malware

Requested URL: http://download.a-a-v-2008.com:8080/AAVSetup.exe

Generated by AntiVir WebGuard 8.0.15.0, WCDB 7.0.1014.1230

Begin scan in 'C:\Users\TOSHIBA\Desktop\setup.exe'
Begin scan in 'C:\Users\TOSHIBA\Desktop\suen.exe'
C:\Users\TOSHIBA\Desktop\suen.exe
[DETECTION] Contains code of the W32/Parite Windows virus
[NOTE]    A backup was created as '4959a979.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
Begin scan in 'C:\Users\TOSHIBA\Desktop\image.jpg.exe'
C:\Users\TOSHIBA\Desktop\image.jpg.exe
[DETECTION] Contains recognition pattern of the WORM/Rbot.210944 worm
[NOTE]    A backup was created as '4955a971.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
Begin scan in 'C:\Users\TOSHIBA\Desktop\ri0t.exe'
C:\Users\TOSHIBA\Desktop\ri0t.exe
[DETECTION] Contains recognition pattern of the WORM/Rbot.210944 worm
[NOTE]    A backup was created as '4924a96d.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!

[已鉴定] PCSL 可疑恶意网站每日分析 20081014

评分

评分

评分

评分