Mas variantes de FAKE AV XP SECURITY

Dos clientes asociados nos envian sendos ficheros malware del mismo tipo, aunque diferentes, que pasamos a controlar a partir de ELISTARA 14.64 de hoy

Los preanalisis de virustotal ofrecen los siguientes informes:
Nombre fichero 1 : NSK.EXE.Muestra EliStartPage v24.63

SHA256: 667452784b10a2593f5cb77910e000adb5c5d12e80da9366a38428a4de453514
SHA1: 8027901d5ee0499f69a70beb660ba8c55c4329cb
MD5: 4e9b626a0b3d6213551b54702231deda
File size: 266.5 KB ( 272896 bytes )
File type: Win32 EXE
Detection ratio: 9 / 41

00
Antivirus Result Version Update
AhnLab-V3 – 2012.01.12.00 20120112
AntiVir – 7.11.21.0 20120112
Antiy-AVL – 2.0.3.7 20120112
Avast – 6.0.1289.0 20120112
AVG Suspicion: unknown virus 10.0.0.1190 20120112
BitDefender Gen:Variant.Zusy.591 7.2 20120112
ByteHero – 1.0.0.1 20120112
CAT-QuickHeal – 12.00 20120112
ClamAV – 0.97.3.0 20120112
Commtouch – 5.3.2.6 20120112
Comodo – 11251 20120112
DrWeb – 5.0.2.03300 20120112
Emsisoft – 5.1.0.11 20120112
eSafe – 7.0.17.0 20120111
eTrust-Vet – 37.0.9677 20120112
F-Prot – 4.6.5.141 20120112
F-Secure Rogue:W32/FakeAv.IL 9.0.16440.0 20120112
Fortinet – 4.3.388.0 20120112
GData Gen:Variant.Zusy.591 22 20120112
Ikarus – T3.1.1.113.0 20120112
Jiangmin – 13.0.900 20120112
K7AntiVirus – 9.125.5916 20120111
Kaspersky – 9.0.0.837 20120112
McAfee FakeAlert-Rena.by 5.400.0.1158 20120112
McAfee-GW-Edition – 2010.1E 20120112
Microsoft Rogue:Win32/FakeRean 1.7903 20120112
NOD32 a variant of Win32/Kryptik.YUY 6789 20120112
Norman – 6.07.13 20120112
nProtect – 2012-01-12.01 20120112
PCTools FakeCloudAV2012 8.0.0.5 20120112
Prevx – 3.0 20120112
Rising – 23.92.03.02 20120112
SUPERAntiSpyware – 4.40.0.1006 20120112
Symantec FakeCloudAV2012 20111.2.0.82 20120112
TheHacker – 6.7.0.1.375 20120110
TrendMicro – 9.500.0.1008 20120112
TrendMicro-HouseCall – 9.500.0.1008 20120112
VBA32 – 3.12.16.4 20120112
VIPRE – 11387 20120112
ViRobot – 2012.1.12.4877 20120112
VirusBuster – 14.1.163.0 20120112
__________

Nombre fichero 2:  SEX.EXE.Muestra EliStartPage v24.63

SHA256: f857077abaf1463e1834065191c0e5ddd4059aa54724ceafce702702ed78e695
SHA1: 247f58fbb032e5ffdb8a81b8ee2359000a5c0f3c
MD5: bfe705944c274f4394990b30d5d58a90
File size: 372.0 KB ( 380928 bytes )
File type: Win32 EXE
Detection ratio: 10 / 43
Analysis date: 2012-01-12 15:54:48 UTC ( 1 minute ago )

00
Antivirus Result Version Update
AhnLab-V3 – 2012.01.12.00 20120112
AntiVir – 7.11.21.0 20120112
Antiy-AVL – 2.0.3.7 20120112
Avast Win32:FakeAlert-BVM [Trj] 6.0.1289.0 20120112
AVG – 10.0.0.1190 20120112
BitDefender Gen:Variant.Kazy.52595 7.2 20120112
ByteHero – 1.0.0.1 20120111
CAT-QuickHeal – 12.00 20120112
ClamAV – 0.97.3.0 20120112
Commtouch – 5.3.2.6 20120112
Comodo – 11251 20120112
DrWeb – 5.0.2.03300 20120112
Emsisoft – 5.1.0.11 20120112
eSafe – 7.0.17.0 20120111
eTrust-Vet – 37.0.9677 20120112
F-Prot – 4.6.5.141 20120112
F-Secure Gen:Variant.Kazy.52595 9.0.16440.0 20120112
Fortinet W32/FakeAV.NO!tr 4.3.388.0 20120112
GData Gen:Variant.Kazy.52595 22 20120112
Ikarus – T3.1.1.113.0 20120112
Jiangmin – 13.0.900 20120112
K7AntiVirus – 9.125.5916 20120111
Kaspersky Trojan-FakeAV.Win32.XPAntiSpyware.e 9.0.0.837 20120112
McAfee FakeAlert-Rena.bw 5.400.0.1158 20120112
McAfee-GW-Edition – 2010.1E 20120112
Microsoft Rogue:Win32/FakeRean 1.7903 20120112
NOD32 a variant of Win32/Kryptik.YTU 6789 20120112
Norman – 6.07.13 20120112
nProtect – 2012-01-12.01 20120112
Panda – 10.0.3.5 20120111
PCTools – 8.0.0.5 20120112
Prevx – 3.0 20120112
Rising – 23.92.03.02 20120112
Sophos – 4.73.0 20120112
SUPERAntiSpyware – 4.40.0.1006 20120112
Symantec WindowsAVPro!gen2 20111.2.0.82 20120112
TheHacker – 6.7.0.1.375 20120110
TrendMicro – 9.500.0.1008 20120112
TrendMicro-HouseCall – 9.500.0.1008 20120112
VBA32 – 3.12.16.4 20120112
VIPRE – 11387 20120112
ViRobot – 2012.1.12.4877 20120112
VirusBuster – 14.1.163.0 20120112
El ELISTARA 24.64 que detecta y elimina ambos, estará disponible en nuestra web a parttir de las 19 h CEST de hoy

saludos

ms, 12-1-2012