New variant of the dreaded RORPIAN family
Another variant similar to the one we already reported at https://blog.satinfo.es/?p=13944, which requires the new ELISTARA 23.10 version to remove it, although earlier versions already detected it on clicking EXIT and asked for samples to be sent in for analysis/control.
Recall that it uses STUXNET techniques (CPL/LNK), as well as a folder icon for the malicious files and an AUTORUN.INF in case ELIPEN is not applied, and it also spreads through network shares, so the instructions in the post linked in the previous paragraph must be followed to the letter to achieve its removal.
It basically consists of these files:
File name: autorun.inf
Submission date: 2011-04-26 14:12:33 (UTC)
Current status: finished
Result: 16 /42 (38.1%)
VT Community: malware (Safety score: 0.0%)
Antivirus Version Last Update Result
AhnLab-V3 2011.04.26.06 2011.04.26 –
AntiVir 7.11.7.7 2011.04.25 –
Antiy-AVL 2.0.3.7 2011.04.26 –
Avast 4.8.1351.0 2011.04.26 INF:AutoRun-gen2
Avast5 5.0.677.0 2011.04.26 INF:AutoRun-gen2
AVG 10.0.0.1190 2011.04.26 Worm/Auto
BitDefender 7.2 2011.04.26 –
CAT-QuickHeal 11.00 2011.04.26 –
ClamAV 0.97.0.0 2011.04.25 –
Commtouch 5.3.2.6 2011.04.26 IS/Autorun.IE
Comodo 8484 2011.04.26 –
DrWeb 5.0.2.03300 2011.04.26 –
Emsisoft 5.1.0.5 2011.04.26 –
eSafe 7.0.17.0 2011.04.25 –
eTrust-Vet 36.1.8290 2011.04.25 INF/SillyAutorun.EYI
F-Prot 4.6.2.117 2011.04.26 IS/Autorun.IE
F-Secure 9.0.16440.0 2011.04.26 –
Fortinet 4.2.257.0 2011.04.26 –
GData 22 2011.04.26 INF:AutoRun-gen2
Ikarus T3.1.1.103.0 2011.04.26 –
Jiangmin 13.0.900 2011.04.25 –
K7AntiVirus 9.98.4474 2011.04.25 EmailWorm
Kaspersky 9.0.0.837 2011.04.26 –
McAfee 5.400.0.1158 2011.04.26 Generic!atr.b
McAfee-GW-Edition 2010.1D 2011.04.26 –
Microsoft 1.6802 2011.04.26 Worm:Win32/Rorpian.E!inf
NOD32 6071 2011.04.26 Win32/Ramnit.A.Gen
Norman 6.07.07 2011.04.26 INF/Autorun.KL
Panda 10.0.3.5 2011.04.25 –
PCTools 7.0.3.5 2011.04.21 –
Prevx 3.0 2011.04.26 –
Rising 23.55.01.05 2011.04.26 –
Sophos 4.64.0 2011.04.26 W32/Autorun-BMG
SUPERAntiSpyware 4.40.0.1006 2011.04.26 –
Symantec 20101.3.2.89 2011.04.26 –
TheHacker 6.7.0.1.183 2011.04.26 –
TrendMicro 9.200.0.1012 2011.04.26 Mal_Otorun1
TrendMicro-HouseCall 9.200.0.1012 2011.04.26 Mal_Otorun1
VBA32 3.12.16.0 2011.04.26 –
VIPRE 9124 2011.04.26 INF.Autorun.i (v)
ViRobot 2011.4.26.4431 2011.04.26 –
VirusBuster 13.6.321.0 2011.04.26 –
MD5 : cf371e7ec44e12e308f800a3e0c65d4e
SHA1 : 3aa4a051e3d865b87ee852ecfba70934ac32d978
__________
File name: myporno.avi.lnk
Submission date: 2011-04-26 14:20:47 (UTC)
Current status: finished
Result: 20 /42 (47.6%)
VT Community: malware (Safety score: 0.0%)
Antivirus Version Last Update Result
AhnLab-V3 2011.04.26.06 2011.04.26 –
AntiVir 7.11.7.7 2011.04.25 –
Antiy-AVL 2.0.3.7 2011.04.26 –
Avast 4.8.1351.0 2011.04.26 LNK:Lnkbaddst-AB
Avast5 5.0.677.0 2011.04.26 LNK:Lnkbaddst-AB
AVG 10.0.0.1190 2011.04.26 –
BitDefender 7.2 2011.04.26 Trojan.Lnk.Runner.D
CAT-QuickHeal 11.00 2011.04.26 LNK.RunDll.Exploit
ClamAV 0.97.0.0 2011.04.25 –
Commtouch 5.3.2.6 2011.04.26 –
Comodo 8484 2011.04.26 –
DrWeb 5.0.2.03300 2011.04.26 –
Emsisoft 5.1.0.5 2011.04.26 –
eSafe 7.0.17.0 2011.04.25 –
eTrust-Vet 36.1.8290 2011.04.25 LNK/SillyAutorun
F-Prot 4.6.2.117 2011.04.26 –
F-Secure 9.0.16440.0 2011.04.26 Trojan.Lnk.Runner.D
Fortinet 4.2.257.0 2011.04.26 –
GData 22 2011.04.26 Trojan.Lnk.Runner.D
Ikarus T3.1.1.103.0 2011.04.26 –
Jiangmin 13.0.900 2011.04.25 –
K7AntiVirus 9.98.4474 2011.04.25 Exploit
Kaspersky 9.0.0.837 2011.04.26 Trojan.Win32.Menti.ggrz
McAfee 5.400.0.1158 2011.04.26 W32/Autorun.worm.aabl!lnk
McAfee-GW-Edition 2010.1D 2011.04.26 –
Microsoft 1.6802 2011.04.26 Worm:Win32/Rorpian.E!lnk
NOD32 6071 2011.04.26 –
Norman 6.07.07 2011.04.26 LNK/CplLnk.U
Panda 10.0.3.5 2011.04.25 W32/Vobfus.GEP.worm
PCTools 7.0.3.5 2011.04.21 Net-Worm.SillyFDC
Prevx 3.0 2011.04.26 –
Rising 23.55.01.05 2011.04.26 –
Sophos 4.64.0 2011.04.26 Troj/Cplink-O
SUPERAntiSpyware 4.40.0.1006 2011.04.26 –
Symantec 20101.3.2.89 2011.04.26 W32.SillyFDC.BDP
TheHacker 6.7.0.1.183 2011.04.26 –
TrendMicro 9.200.0.1012 2011.04.26 LNK_OTORUN.SM
TrendMicro-HouseCall 9.200.0.1012 2011.04.26 LNK_OTORUN.SM
VBA32 3.12.16.0 2011.04.26 –
VIPRE 9124 2011.04.26 Trojan.LNK.Otorun.sm (v)
ViRobot 2011.4.26.4431 2011.04.26 Worm.Win32.Rorpian.457.B
VirusBuster 13.6.321.0 2011.04.26 –
MD5 : 2ca80448940daf4d45997ebf9e12dd64
SHA1 : 7372c6cfa31230ef3a9ac3a8d38e228dc73e9c3c
______________
File name: pornmovs.lnk
Submission date: 2011-04-26 14:25:59 (UTC)
Current status: finished
Result: 20 /41 (48.8%)
VT Community: not reviewed (Safety score: –)
Antivirus Version Last Update Result
AhnLab-V3 2011.04.26.06 2011.04.26 –
AntiVir 7.11.7.7 2011.04.25 –
Antiy-AVL 2.0.3.7 2011.04.26 –
Avast 4.8.1351.0 2011.04.26 LNK:Lnkbaddst-AB
Avast5 5.0.677.0 2011.04.26 LNK:Lnkbaddst-AB
AVG 10.0.0.1190 2011.04.26 –
BitDefender 7.2 2011.04.26 Trojan.Lnk.Runner.D
CAT-QuickHeal 11.00 2011.04.26 LNK.Exploit.Gen
ClamAV 0.97.0.0 2011.04.25 –
Commtouch 5.3.2.6 2011.04.26 –
Comodo 8484 2011.04.26 –
DrWeb 5.0.2.03300 2011.04.26 –
eSafe 7.0.17.0 2011.04.25 –
eTrust-Vet 36.1.8290 2011.04.25 LNK/SillyAutorun
F-Prot 4.6.2.117 2011.04.26 –
F-Secure 9.0.16440.0 2011.04.26 Trojan.Lnk.Runner.D
Fortinet 4.2.257.0 2011.04.26 –
GData 22 2011.04.26 Trojan.Lnk.Runner.D
Ikarus T3.1.1.103.0 2011.04.26 –
Jiangmin 13.0.900 2011.04.25 –
K7AntiVirus 9.98.4474 2011.04.25 Exploit
Kaspersky 9.0.0.837 2011.04.26 Trojan.Win32.Menti.ggrz
McAfee 5.400.0.1158 2011.04.26 W32/Autorun.worm.aabl!lnk
McAfee-GW-Edition 2010.1D 2011.04.26 –
Microsoft 1.6802 2011.04.26 Worm:Win32/Rorpian.E!lnk
NOD32 6071 2011.04.26 –
Norman 6.07.07 2011.04.26 LNK/CplLnk.U
Panda 10.0.3.5 2011.04.25 W32/Vobfus.GEP.worm
PCTools 7.0.3.5 2011.04.21 Net-Worm.SillyFDC
Prevx 3.0 2011.04.26 –
Rising 23.55.01.05 2011.04.26 –
Sophos 4.64.0 2011.04.26 Troj/Cplink-O
SUPERAntiSpyware 4.40.0.1006 2011.04.26 –
Symantec 20101.3.2.89 2011.04.26 W32.SillyFDC.BDP
TheHacker 6.7.0.1.183 2011.04.26 –
TrendMicro 9.200.0.1012 2011.04.26 LNK_OTORUN.SM
TrendMicro-HouseCall 9.200.0.1012 2011.04.26 LNK_OTORUN.SM
VBA32 3.12.16.0 2011.04.26 –
VIPRE 9124 2011.04.26 Trojan.LNK.Otorun.sm (v)
ViRobot 2011.4.26.4431 2011.04.26 Worm.Win32.Rorpian.457.B
VirusBuster 13.6.321.0 2011.04.26 –
MD5 : 52ac78c7722e45f90272e5a89cfc830f
SHA1 : 57f215a93014e94a66e2dc3ce60dd388013b9282
___________
File name: setup50045.lnk
Submission date: (UTC)
Current status: finished
Result: 20 /42 (47.6%)
VT Community: malware (Safety score: 0.0%)
Antivirus Version Last Update Result
AhnLab-V3 2011.04.14.00 2011.04.14 –
AntiVir 7.11.6.107 2011.04.14 EXP/CVE-2010-2568.B
Antiy-AVL 2.0.3.7 2011.04.14 –
Avast 4.8.1351.0 2011.04.14 LNK:Runner
Avast5 5.0.677.0 2011.04.14 LNK:Runner
AVG 10.0.0.1190 2011.04.14 –
BitDefender 7.2 2011.04.14 Exploit.CplLnk.Gen
CAT-QuickHeal 11.00 2011.04.14 –
ClamAV 0.97.0.0 2011.04.14 –
Commtouch 5.2.11.5 2011.04.14 CVE-2010-2568!Camelot
Comodo 8337 2011.04.14 UnclassifiedMalware
DrWeb 5.0.2.03300 2011.04.14 –
Emsisoft 5.1.0.5 2011.04.14 Exploit.CplLnk!IK
eSafe 7.0.17.0 2011.04.13 LNK-Exp.CVE-2010-2568.gen
eTrust-Vet 36.1.8271 2011.04.14 –
F-Prot 4.6.2.117 2011.04.13 –
F-Secure 9.0.16440.0 2011.04.14 Exploit:W32/WormLink.C
Fortinet 4.2.257.0 2011.04.14 LNK/ShellLink.CVE20102568
GData 22 2011.04.14 Exploit.CplLnk.Gen
Ikarus T3.1.1.103.0 2011.04.14 Exploit.CplLnk
Jiangmin 13.0.900 2011.04.13 –
K7AntiVirus 9.96.4382 2011.04.13 Trojan
Kaspersky 7.0.0.125 2011.04.14 –
McAfee 5.400.0.1158 2011.04.14 W32/Autorun.worm.aabl!lnk
McAfee-GW-Edition 2010.1C 2011.04.14 –
Microsoft 1.6702 2011.04.14 –
NOD32 6040 2011.04.14 LNK/Exploit.CVE-2010-2568
Norman 6.07.07 2011.04.13 –
Panda 10.0.3.5 2011.04.14 –
PCTools 7.0.3.5 2011.04.13 –
Prevx 3.0 2011.04.14 –
Rising 23.53.02.06 2011.04.13 –
Sophos 4.64.0 2011.04.14 –
SUPERAntiSpyware 4.40.0.1006 2011.04.14 –
Symantec 20101.3.2.89 2011.04.14 –
TheHacker 6.7.0.1.173 2011.04.13 Trojan/LNK.exploit
TrendMicro 9.200.0.1012 2011.04.14 LNK_AUTORUN.WQQ
TrendMicro-HouseCall 9.200.0.1012 2011.04.14 LNK_AUTORUN.WQQ
VBA32 3.12.16.0 2011.04.13 –
VIPRE 9011 2011.04.14 Exploit.LNK.CVE-2010-2568 (v)
ViRobot 2011.4.14.4410 2011.04.14 Exploit.CVE-2010-2568.A
VirusBuster 13.6.303.0 2011.04.13 –
MD5 : e34b707c09f4067d3e41e2c154c0a3b2
SHA1 : 1b194e45acbadc9b781258cb96ab268fd528068f
___________
File name: setup50045.fon
Submission date: (UTC)
Current status: finished
Result: 34 /42 (81.0%)
VT Community: not reviewed (Safety score: –)
Antivirus Version Last Update Result
AhnLab-V3 2011.04.21.00 2011.04.21 Win-Trojan/Downloader.61448
AntiVir 7.11.6.217 2011.04.21 TR/Kazy.18130
Antiy-AVL 2.0.3.7 2011.04.21 Trojan/Win32.Diple.gen
Avast 4.8.1351.0 2011.04.20 Win32:Rorpian
Avast5 5.0.677.0 2011.04.20 Win32:Rorpian
AVG 10.0.0.1190 2011.04.20 Generic21.CMYX
BitDefender 7.2 2011.04.21 Gen:Variant.Kazy.18130
CAT-QuickHeal 11.00 2011.04.20 Worm.Rorpian
ClamAV 0.97.0.0 2011.04.21 –
Commtouch 5.3.2.6 2011.04.21 –
Comodo 8417 2011.04.21 UnclassifiedMalware
DrWeb 5.0.2.03300 2011.04.21 Trojan.DownLoader2.28708
Emsisoft 5.1.0.5 2011.04.21 Net-Worm.Win32.Kolab!IK
eSafe 7.0.17.0 2011.04.20 –
eTrust-Vet 36.1.8282 2011.04.20 Win32/SillyAutorun.EZA
F-Prot 4.6.2.117 2011.04.21 –
F-Secure 9.0.16440.0 2011.04.21 Gen:Variant.Kazy.18130
Fortinet 4.2.257.0 2011.04.21 W32/AUTORUN.SM6!worm
GData 22 2011.04.21 Gen:Variant.Kazy.18130
Ikarus T3.1.1.103.0 2011.04.21 Net-Worm.Win32.Kolab
Jiangmin 13.0.900 2011.04.21 Trojan/Diple.axs
K7AntiVirus 9.97.4439 2011.04.20 Riskware
Kaspersky 7.0.0.125 2011.04.21 –
McAfee 5.400.0.1158 2011.04.21 W32/Autorun.worm.aabl
McAfee-GW-Edition 2010.1D 2011.04.20 W32/Autorun.worm!ma
Microsoft 1.6802 2011.04.20 Worm:Win32/Rorpian
NOD32 6059 2011.04.21 Win32/AutoRun.Agent.ABK
Norman 6.07.07 2011.04.20 W32/Suspicious_Gen2.KSWSM
Panda 10.0.3.5 2011.04.20 Generic Trojan
PCTools 7.0.3.5 2011.04.20 Net-Worm.SillyFDC
Prevx 3.0 2011.04.21 –
Rising 23.54.02.06 2011.04.20 –
Sophos 4.64.0 2011.04.21 W32/Autorun-BPK
SUPERAntiSpyware 4.40.0.1006 2011.04.21 –
Symantec 20101.3.2.89 2011.04.21 W32.SillyFDC.BDP
TheHacker 6.7.0.1.180 2011.04.21 Trojan/AutoRun.Agent.abk
TrendMicro 9.200.0.1012 2011.04.21 WORM_AUTORUN.SM6
TrendMicro-HouseCall 9.200.0.1012 2011.04.21 WORM_AUTORUN.SM6
VBA32 3.12.16.0 2011.04.20 Trojan.Diple.jon
VIPRE 9077 2011.04.21 Trojan.Win32.Generic!BT
ViRobot 2011.4.21.4421 2011.04.21 Trojan.Win32.Diple.61448
VirusBuster 13.6.313.2 2011.04.20 Trojan.Diple!5W9hgt041Ao
MD5 : 85542bcab4c19076388dc2ea6cef7b80
SHA1 : 7bc3d0d4876055c05a3c7ea72cce373a879effdc
Bear in mind the points on how to remove it given in the post linked at the start, since it has several infection vectors and if any one of them is skipped it will regenerate itself.
ELISTARA version 23.10 will be available as an emergency release from 17:00 CEST today.
regards
ms, 26-4-2011
NOTE: Those interested in information about a SATINFO Technical Support contract and/or a licence for the use/updates of its utilities, contact info@satinfo.es
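As an added defender-side example (not code from the original post or from SATINFO's tools), the following Python script triages a mounted removable drive or network share for the artefacts this variant relies on: an autorun.inf with open=/shellexecute= directives, double-extension shortcuts such as myporno.avi.lnk, and .lnk files whose embedded command loads a CPL through rundll32 (the CVE-2010-2568 pattern named in the scan results). The sample files it writes are constructed here, reusing only the file names from the listing above; the marker strings and the heuristics are assumptions, not SATINFO's detection logic.

```python
import os
import tempfile

# Constructed samples (NOT real malware): an autorun.inf that launches a shortcut, and a shortcut whose command loads a CPL via rundll32.
SAMPLE_AUTORUN = "[autorun]\r\nopen=pornmovs.lnk\r\nicon=%SystemRoot%\\system32\\shell32.dll,4\r\n"
SAMPLE_LNK_CMD = "C:\\Windows\\system32\\rundll32.exe shell32.dll,Control_RunDLL setup50045.fon"
LNK_MAGIC = b"L\x00\x00\x00\x01\x14\x02\x00"  # ShellLinkHeader: HeaderSize 0x4C + start of LinkCLSID
CPL_MARKERS = ("rundll32", "control_rundll", ".cpl")  # assumed indicators of CPL loading

def autorun_findings(text):
    """Return (key, value) for autorun.inf directives that execute something."""
    hits = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        k = key.strip().lower()
        if sep and (k in ("open", "shellexecute") or k.startswith("shell\\") and k.endswith("\\command")):
            hits.append((k, value.strip()))
    return hits

def lnk_findings(data):
    """Return CPL/rundll32 markers present in a .lnk body (ANSI or UTF-16LE strings)."""
    if not data.startswith(LNK_MAGIC):
        return []
    low = data.lower()
    return [m for m in CPL_MARKERS if m.encode() in low or m.encode("utf-16-le") in low]

def triage(root):
    """Walk a mounted drive or share and list Rorpian-style artefacts found."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path, lname = os.path.join(dirpath, name), name.lower()
            if lname == "autorun.inf":
                with open(path, "r", errors="replace") as fh:
                    for key, value in autorun_findings(fh.read()):
                        findings.append((path, "autorun launches: %s=%s" % (key, value)))
            elif lname.endswith(".lnk"):
                if lname.count(".") >= 2:  # e.g. myporno.avi.lnk posing as a video
                    findings.append((path, "double-extension shortcut"))
                with open(path, "rb") as fh:
                    for marker in lnk_findings(fh.read()):
                        findings.append((path, "CPL/rundll32 reference: " + marker))
    return findings

def demo():
    """Write the constructed samples into a temp dir and triage it."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write(SAMPLE_AUTORUN)
    with open(os.path.join(root, "myporno.avi.lnk"), "wb") as fh:
        fh.write(LNK_MAGIC + b"\x00" * 68 + SAMPLE_LNK_CMD.encode("utf-16-le"))
    return triage(root)
```

Run `triage("/media/usb")` (or a mounted share path) on a suspect drive; a clean autorun.inf that only sets an icon yields no finding, which is the point of checking directives rather than mere presence.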