Variante de BACKDOOR LOLBOT

Recibimos dos ficheros diferentes que pasamos a incluir en una mismo dereccion como BACKDOOR LOLBOT.
Controlados a partir de ELITRIIP 7.25
File name: Photo-118773991273-jpg scr
Submission date: 2011-02-07 14:49:48 (UTC)
Current status: finished
Result: 37 /43 (86.0%)
VT Community

malware
Safety score: 0.0%
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2011.02.06.00 2011.02.06 Downloader/Win32.Agent
AntiVir 7.11.2.87 2011.02.07 TR/Dldr.Agent.ehj
Antiy-AVL 2.0.3.7 2011.01.28 Trojan/Win32.Agent.gen
Avast 4.8.1351.0 2011.02.07 Win32:Malware-gen
Avast5 5.0.677.0 2011.02.07 Win32:Malware-gen
AVG 10.0.0.1190 2011.02.07 Downloader.Generic10.PIT
BitDefender 7.2 2011.02.07 Trojan.Generic.4717352
CAT-QuickHeal 11.00 2011.02.07 TrojanDownloader.Agent.elmx
ClamAV 0.96.4.0 2011.02.07 Backdoor.LolBot
Commtouch 5.2.11.5 2011.02.07 W32/Trojan2.NHVV
Comodo 7600 2011.02.07 UnclassifiedMalware
DrWeb 5.0.2.03300 2011.02.07 Trojan.IMspam.12
Emsisoft 5.1.0.2 2011.02.07 Trojan-Dropper.Agent!IK
eSafe 7.0.17.0 2011.02.06 Win32.TrojanDownload
eTrust-Vet 36.1.8144 2011.02.07 –
F-Prot 4.6.2.117 2011.02.04 W32/Trojan2.NHVV
F-Secure 9.0.16160.0 2011.02.07 Trojan.Generic.4717352
Fortinet 4.2.254.0 2011.02.07 –
GData 21 2011.02.07 Trojan.Generic.4717352
Ikarus T3.1.1.97.0 2011.02.07 Trojan-Dropper.Agent
Jiangmin 13.0.900 2011.02.05 Backdoor/LolBot.gx
K7AntiVirus 9.81.3771 2011.02.07 Trojan-Downloader
Kaspersky 7.0.0.125 2011.02.07 Trojan-Downloader.Win32.Agent.elmx
McAfee 5.400.0.1158 2011.02.07 Generic.dx!tuk
McAfee-GW-Edition 2010.1C 2011.02.07 Heuristic.BehavesLike.Win32.Suspicious.H
Microsoft 1.6502 2011.02.07 TrojanDownloader:Win32/Pushbot.C
NOD32 5853 2011.02.07 a variant of Win32/Injector.CUZ
Norman 6.07.03 2011.02.07 W32/Suspicious_Gen2.DALTD
nProtect 2011-01-27.01 2011.02.02 –
Panda 10.0.3.5 2011.02.06 W32/MSNWorm.IY.worm
PCTools 7.0.3.5 2011.02.07 Malware.Yimfoca
Prevx 3.0 2011.02.07 –
Rising 23.44.00.02 2011.02.07 Trojan.Win32.Generic.123FAAB5
Sophos 4.61.0 2011.02.07 Mal/Generic-L
SUPERAntiSpyware 4.40.0.1006 2011.02.06 –
Symantec 20101.3.0.103 2011.02.07 W32.Yimfoca.B
TheHacker 6.7.0.1.125 2011.02.07 Trojan/Downloader.Agent.elmx
TrendMicro 9.200.0.1012 2011.02.07 TROJ_ZLATO.A
TrendMicro-HouseCall 9.200.0.1012 2011.02.07 TROJ_ZLATO.A
VBA32 3.12.14.3 2011.02.07 Backdoor.LolBot.ii
VIPRE 8336 2011.02.07 Trojan-Downloader.Win32.Agent
ViRobot 2011.2.7.4297 2011.02.07 Backdoor.Win32.LolBot.90112
VirusBuster 13.6.187.0 2011.02.07 –
Additional informationShow all
MD5   : 8b8b1d52e4882445ed911082426e9552
SHA1  : 977c4dd1a5da8ba5a71402a91112bb0963c2d806

File size : 57344 bytes

publisher….: Microsoft Corporation
copyright….: (c) Microsoft Corporation. All rights reserved.
product……: Microsoft_ Windows_ Operating System
description..: Paint
original name: MSPAINT.EXE
internal name: MSPAINT
file version.: 5.1.2600.5918 (xpsp_sp3_gdr.091216-2054)

y otro fichero recibido de igual familia:

File name: Dsc002741436-jpg scr
Submission date: 2011-02-07 12:59:11 (UTC)
Current status: finished
Result: 37 /43 (86.0%)
VT Community

malware
Safety score: 0.0%
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2011.02.06.00 2011.02.06 Backdoor/Win32.LolBot
AntiVir 7.11.2.87 2011.02.07 BDS/LolBot.IG
Antiy-AVL 2.0.3.7 2011.01.28 Backdoor/Win32.LolBot.gen
Avast 4.8.1351.0 2011.02.07 Win32:Trojan-gen
Avast5 5.0.677.0 2011.02.06 Win32:Trojan-gen
AVG 10.0.0.1190 2011.02.07 Downloader.Generic10.PIS
BitDefender 7.2 2011.02.07 Trojan.Generic.4815322
CAT-QuickHeal 11.00 2011.02.07 Backdoor.LolBot.ih
ClamAV 0.96.4.0 2011.02.07 –
Commtouch 5.2.11.5 2011.02.07 W32/Trojan2.NHVV
Comodo 7600 2011.02.07 UnclassifiedMalware
DrWeb 5.0.2.03300 2011.02.07 Trojan.DownLoader1.18975
Emsisoft 5.1.0.2 2011.02.07 Backdoor.Win32.LolBot!IK
eSafe 7.0.17.0 2011.02.06 Win32.BDSLolBot.Ig
eTrust-Vet 36.1.8144 2011.02.07 –
F-Prot 4.6.2.117 2011.02.04 W32/Trojan2.NHVV
F-Secure 9.0.16160.0 2011.02.07 Trojan.Generic.4815322
Fortinet 4.2.254.0 2011.02.07 –
GData 21 2011.02.07 Trojan.Generic.4815322
Ikarus T3.1.1.97.0 2011.02.07 Backdoor.Win32.LolBot
Jiangmin 13.0.900 2011.02.05 Backdoor/LolBot.gv
K7AntiVirus 9.81.3761 2011.02.06 Trojan
Kaspersky 7.0.0.125 2011.02.07 Backdoor.Win32.LolBot.ih
McAfee 5.400.0.1158 2011.02.07 Generic.dx!uio
McAfee-GW-Edition 2010.1C 2011.02.07 Generic.dx!uio
Microsoft 1.6502 2011.02.07 Worm:Win32/Autorun.ZO
NOD32 5852 2011.02.07 Win32/TrojanDownloader.Small.OVZ
Norman 6.07.03 2011.02.07 W32/Autorun.BLEU
nProtect 2011-01-27.01 2011.02.02 Backdoor/W32.LolBot.58886
Panda 10.0.3.5 2011.02.06 W32/MSNWorm.IY.worm
PCTools 7.0.3.5 2011.02.07 Trojan.Gen
Prevx 3.0 2011.02.07 Medium Risk Malware
Rising 23.44.00.02 2011.02.07 –
Sophos 4.61.0 2011.02.07 Mal/Generic-L
SUPERAntiSpyware 4.40.0.1006 2011.02.06 –
Symantec 20101.3.0.103 2011.02.07 Trojan.Gen
TheHacker 6.7.0.1.125 2011.02.07 Backdoor/LolBot.ih
TrendMicro 9.200.0.1012 2011.02.07 TROJ_LAMEWAR.VTG
TrendMicro-HouseCall 9.200.0.1012 2011.02.07 TROJ_LAMEWAR.VTG
VBA32 3.12.14.3 2011.02.07 Backdoor.LolBot.ij
VIPRE 8336 2011.02.07 Trojan.Win32.Generic!BT
ViRobot 2011.2.7.4297 2011.02.07 Worm.Win32.IM-Zeroll.91648
VirusBuster 13.6.186.0 2011.02.07 –
Additional informationShow all
MD5   : a44b53395fea9807f2abad6d54cae0c9
SHA1  : 7c2280999d9cba7efda7e444d59651294780b9fd

File size : 58886 bytes

publisher….: Microsoft Corporation
copyright….: (c) Microsoft Corporation. All rights reserved.
product……: Microsoft_ Windows_ Operating System
description..: Paint
original name: MSPAINT.EXE
internal name: MSPAINT
file version.: 5.1.2600.5918 (xpsp_sp3_gdr.091216-2054)

La version del ELITRIIP 7.25 que los controla y elimina, estará disponible en esta web a partir de las 19 horas de hoy.

saludos

ms, 7-2-2011