Variantes de DORKBOT CAZADAS POR LA HEURISTICA DEL ELISTARA

Tres nuevas variantes has sido intefceptadas por el ELISTARA y las pasamos a controlar especificamente a partir del ELISTARA 24.36 de hoy

Los preanalisis de virustotal ofrecen los siguiente informes:
File name: EQBEBI.EXE.Muestra EliStartPage v23.78
Submission date: 2011-11-28 15:34:07 (UTC)

Result: 35/ 43 (81.4%)
VT Community

not reviewed
Safety score: –
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2011.11.28.00 2011.11.28 Trojan/Win32.Jorik
AntiVir 7.11.18.107 2011.11.28 TR/Jorik.IRCbot.bto
Antiy-AVL 2.0.3.7 2011.11.28 Trojan/Win32.Jorik.gen
Avast 6.0.1289.0 2011.11.28 Win32:VBLoader [Trj]
AVG 10.0.0.1190 2011.11.28 Generic24.CEMM
BitDefender 7.2 2011.11.28 Trojan.Generic.6666772
ByteHero 1.0.0.1 2011.11.14 –
CAT-QuickHeal 12.00 2011.11.28 Trojan.Jorik.IRCbot.bto
ClamAV 0.97.3.0 2011.11.28 –
Commtouch 5.3.2.6 2011.11.28 –
Comodo 10791 2011.11.27 UnclassifiedMalware
DrWeb 5.0.2.03300 2011.11.28 Worm.Siggen.5235
Emsisoft 5.1.0.11 2011.11.28 Backdoor.Win32.Ursap!IK
eSafe 7.0.17.0 2011.11.28 Win32.Refroso.Blc
eTrust-Vet 37.0.9590 2011.11.28 –
F-Prot 4.6.5.141 2011.11.28 –
F-Secure 9.0.16440.0 2011.11.28 Trojan.Generic.6666772
Fortinet 4.3.370.0 2011.11.27 W32/Refroso.BLC!tr
GData 22 2011.11.28 Trojan.Generic.6666772
Ikarus T3.1.1.109.0 2011.11.28 Backdoor.Win32.Ursap
Jiangmin 13.0.900 2011.11.28 Trojan/Jorik.pxv
K7AntiVirus 9.119.5542 2011.11.25 Trojan
Kaspersky 9.0.0.837 2011.11.28 Trojan.Win32.Jorik.IRCbot.bto
McAfee 5.400.0.1158 2011.11.28 W32/Sdbot.worm!kz
McAfee-GW-Edition 2010.1D 2011.11.28 Heuristic.LooksLike.Win32.SuspiciousPE.F!80
Microsoft 1.7801 2011.11.28 Worm:Win32/Dorkbot.I
NOD32 6666 2011.11.28 a variant of Win32/Injector.JLS
Norman 6.07.13 2011.11.28 Jorik.dam
nProtect 2011-11-28.02 2011.11.28 Trojan/W32.Agent.114688.BGC
Panda 10.0.3.5 2011.11.27 Trj/CI.A
PCTools 8.0.0.5 2011.11.28 Trojan.IRCBot
Prevx 3.0 2011.11.28 –
Rising 23.86.00.01 2011.11.28 –
Sophos 4.71.0 2011.11.28 Mal/Generic-L
SUPERAntiSpyware 4.40.0.1006 2011.11.26 Trojan.Agent/Gen-Jorik
Symantec 20111.2.0.82 2011.11.28 W32.IRCBot.NG
TheHacker 6.7.0.1.350 2011.11.27 Trojan/Agent.gen
TrendMicro 9.500.0.1008 2011.11.28 WORM_IRCBOT.SMC
TrendMicro-HouseCall 9.500.0.1008 2011.11.28 WORM_IRCBOT.SMC
VBA32 3.12.16.4 2011.11.28 Trojan.Jorik.IRCbot.bto
VIPRE 11170 2011.11.28 Backdoor.IRCBot
ViRobot 2011.11.28.4797 2011.11.28 Trojan.Win32.Inject.114688.J
VirusBuster 14.1.88.0 2011.11.28 –
Additional informationShow all
MD5   : 7255278cd67c6bbae56a67e2265eb94b
SHA1  : f5e0962b982b61c7497eb00993b13737db7898fc
File size : 114688 bytes
publisher….: n/a
copyright….: n/a
product……: 9_0__00__
description..: n/a
original name: xqqx.xqq
internal name: xqqx
file version.: 4.05.0004

_________

la segunda:

File name: EQBEBI.EXE.Muestra EliStartPage v24.35
Submission date: 2011-11-28 15:38:05 (UTC)
Current status: queued queued analysing finished
Result: 30/ 43 (69.8%)
VT Community

not reviewed
Safety score: –
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2011.11.28.00 2011.11.28 Trojan/Win32.Jorik
AntiVir 7.11.18.107 2011.11.28 TR/Jorik.IRCbot.dtc
Antiy-AVL 2.0.3.7 2011.11.28 Trojan/Win32.Jorik.gen
Avast 6.0.1289.0 2011.11.28 Win32:IRCBot-EGX [Trj]
AVG 10.0.0.1190 2011.11.28 Generic25.CHCK
BitDefender 7.2 2011.11.28 Worm.Generic.353708
ByteHero 1.0.0.1 2011.11.14 –
CAT-QuickHeal 12.00 2011.11.28 Trojan.Jorik.IRCbot.dtc
ClamAV 0.97.3.0 2011.11.28 –
Commtouch 5.3.2.6 2011.11.28 –
Comodo 10791 2011.11.27 UnclassifiedMalware
DrWeb 5.0.2.03300 2011.11.28 Win32.HLLW.Autoruner1.3389
Emsisoft 5.1.0.11 2011.11.28 Trojan.Win32.Jorik!IK
eSafe 7.0.17.0 2011.11.28 Win32.Refroso.Blc
eTrust-Vet 37.0.9590 2011.11.28 –
F-Prot 4.6.5.141 2011.11.28 –
F-Secure 9.0.16440.0 2011.11.28 Worm.Generic.353708
Fortinet 4.3.370.0 2011.11.27 W32/Refroso.BLC!tr
GData 22 2011.11.28 Worm.Generic.353708
Ikarus T3.1.1.109.0 2011.11.28 Trojan.Win32.Jorik
Jiangmin 13.0.900 2011.11.28 –
K7AntiVirus 9.119.5542 2011.11.25 Trojan
Kaspersky 9.0.0.837 2011.11.28 Trojan.Win32.Jorik.IRCbot.dtc
McAfee 5.400.0.1158 2011.11.28 W32/IRCbot.gen.a
McAfee-GW-Edition 2010.1D 2011.11.28 Heuristic.LooksLike.Win32.SuspiciousPE.F
Microsoft 1.7801 2011.11.28 –
NOD32 6666 2011.11.28 Win32/Dorkbot.B
Norman 6.07.13 2011.11.28 W32/Suspicious_Gen2.dam
nProtect 2011-11-28.02 2011.11.28 Trojan/W32.Jorik.114688.P
Panda 10.0.3.5 2011.11.27 Generic Malware
PCTools 8.0.0.5 2011.11.28 –
Prevx 3.0 2011.11.28 High Risk Cloaked Malware
Rising 23.86.00.01 2011.11.28 –
Sophos 4.71.0 2011.11.28 Mal/Generic-L
SUPERAntiSpyware 4.40.0.1006 2011.11.26 Trojan.Agent/Gen-Jorik
Symantec 20111.2.0.82 2011.11.28 –
TheHacker 6.7.0.1.350 2011.11.27 –
TrendMicro 9.500.0.1008 2011.11.28 WORM_IRCBOT.SMC
TrendMicro-HouseCall 9.500.0.1008 2011.11.28 WORM_IRCBOT.SMC
VBA32 3.12.16.4 2011.11.28 Trojan.Jorik.IRCbot.dtc
VIPRE 11170 2011.11.28 Backdoor.IRCBot
ViRobot 2011.11.28.4797 2011.11.28 –
VirusBuster 14.1.88.0 2011.11.28 –
Additional informationShow all
MD5   : 45e38b0e88764d4b1f6e1b4eb3d4c1c9
SHA1  : c77e1021b81db7bcaa50146d3e15b9e68263ff50

File size : 114688 bytes

publisher….: n/a
copyright….: n/a
product……: B12B4B412
description..: n/a
original name: V211.V42
internal name: 2V42
file version.: 4.05.0004

________

y la tercera:
File name: MPBEBQ.EXE.Muestra EliStartPage v24.35
Submission date: 2011-11-28 15:45:24 (UTC)

Result: 28/ 42 (66.7%)
VT Community

not reviewed
Safety score: –
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2011.11.28.00 2011.11.28 Trojan/Win32.VB
AntiVir 7.11.18.107 2011.11.28 TR/Offend.KD.429098.1
Antiy-AVL 2.0.3.7 2011.11.28 Trojan/Win32.Inject.gen
Avast 6.0.1289.0 2011.11.28 Win32:Inject-APP [Trj]
AVG 10.0.0.1190 2011.11.28 Generic26.BIS
BitDefender 7.2 2011.11.28 Trojan.Generic.KD.429098
ByteHero 1.0.0.1 2011.11.14 Trojan.Win32.Heur.Gen
CAT-QuickHeal 12.00 2011.11.28 Trojan.Inject.bwoz
ClamAV 0.97.3.0 2011.11.28 –
Commtouch 5.3.2.6 2011.11.28 –
Comodo 10791 2011.11.27 –
DrWeb 5.0.2.03300 2011.11.28 Trojan.Packed.22167
Emsisoft 5.1.0.11 2011.11.28 Trojan.Win32.Inject!IK
eSafe 7.0.17.0 2011.11.28 –
eTrust-Vet 37.0.9590 2011.11.28 Win32/SillyDl.YIH
F-Prot 4.6.5.141 2011.11.28 –
F-Secure 9.0.16440.0 2011.11.28 Trojan.Generic.KD.429098
Fortinet 4.3.370.0 2011.11.27 W32/Generic
GData 22.289/22.536 2011.11.28 Trojan.Generic.KD.429098
Ikarus T3.1.1.109.0 2011.11.28 Trojan.Win32.Inject
Jiangmin 13.0.900 2011.11.28 Trojan/Inject.qlq
K7AntiVirus 9.119.5542 2011.11.25 –
Kaspersky 9.0.0.837 2011.11.28 Trojan.Win32.Inject.bwoz
McAfee 5.400.0.1158 2011.11.28 Artemis!EC0835134195
McAfee-GW-Edition 2010.1D 2011.11.28 Heuristic.BehavesLike.Win32.Downloader.H
Microsoft 1.7801 2011.11.28 –
NOD32 6666 2011.11.28 a variant of Win32/Injector.LGL
Norman 6.07.13 2011.11.28 W32/Suspicious_Gen2.TKJGW
nProtect 2011-11-28.02 2011.11.28 Gen:Variant.Graftor.5776
PCTools 8.0.0.5 2011.11.28 Trojan.Gen
Prevx 3.0 2011.11.28 –
Rising 23.86.00.01 2011.11.28 –
Sophos 4.71.0 2011.11.28 Mal/Generic-L
SUPERAntiSpyware 4.40.0.1006 2011.11.26 –
Symantec 20111.2.0.82 2011.11.28 Trojan.Gen
TheHacker 6.7.0.1.350 2011.11.27 –
TrendMicro 9.500.0.1008 2011.11.28 –
TrendMicro-HouseCall 9.500.0.1008 2011.11.28 TROJ_GEN.R3EC8KS
VBA32 3.12.16.4 2011.11.28 –
VIPRE 11170 2011.11.28 Trojan.Win32.Generic!BT
ViRobot 2011.11.28.4797 2011.11.28 –
VirusBuster 14.1.88.0 2011.11.28 Trojan.Inject!WN8SwaG5y+0
Additional informationShow all
MD5   : ec08351341954096bc19555143e2108c
SHA1  : 30566607f1a19fd824b633598c383cc9572c31a6

File size : 147545 bytes

publisher….: _M3 Softwares_
copyright….: _M3 Softwares_
product……:
description..:
original name: INN.exe
internal name: INN
file version.: 1.01.0002
Dicha version del ELISTARA 24.36 que los detecta y elimina, estará disponible en nuestra web a partir de las 19 h CEST de hoy

saludos

ms, 28-11-2011