Detection and control of the 4 KATUSHA files generated by the current VBNA worm and related variants
Among other things, they download a new variant of the FAKE ALERT RENOS
All of them are controlled as of ELISTARA 23.05
The first one is detected by only 8 of the 37 AV engines used:
Scanned time : 2011/04/15 10:52:16 (CEST)
Scanner results: 22% Escaner (8/37) encontró infección
File Name : Knf.exe
File Size : 224768 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : fdfc0b964b1e4b64bc214e4b68cc2fce
SHA1 : 483321e7f4a3b7b4c4ba9e72922d06474b660e2a
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20110415031442 2011-04-15 5.05 –
AhnLab V3 2011.04.14.00 2011.04.14 2011-04-14 1.58 –
AntiVir 8.2.4.208 7.11.6.133 2011-04-15 0.28 –
Antiy 2.0.18 20110205.7694535 2011-02-05 0.12 –
Arcavir 2011 201103241627 2011-03-24 0.04 –
Authentium 5.1.1 201104150802 2011-04-15 1.60 –
AVAST! 4.7.4 110414-2 2011-04-14 0.03 –
AVG 8.5.850 271.1.1/3574 2011-04-15 0.27 –
BitDefender 7.90123.7116508 7.37093 2011-04-15 6.57 Gen:Variant.Kazy.18965
ClamAV 0.96.5 12983 2011-04-15 0.05 –
Comodo 4.0 8344 2011-04-14 2.86 –
CP Secure 1.3.0.5 2011.04.15 2011-04-15 0.07 –
Dr.Web 5.0.2.3300 2011.04.15 2011-04-15 11.32 Trojan.Inject.31846
F-Prot 4.4.4.56 20110414 2011-04-14 1.62 –
F-Secure 7.02.73807 2011.04.15.02 2011-04-15 0.19 Trojan.Win32.Diple.ldw [AVP]
Fortinet 4.2.257 13.113 2011-04-14 0.50 W32/PackZbot.D!tr
GData 22.77/22.38 20110415 2011-04-15 9.41 –
ViRobot 20110414 2011.04.14 2011-04-14 0.39 –
Ikarus T3.1.32.20.0 2011.04.15.78176 2011-04-15 5.07 –
JiangMin 13.0.900 2011.03.30 2011-03-30 1.46 –
Kaspersky 5.5.10 2011.04.15 2011-04-15 0.10 Trojan.Win32.Diple.ldw
KingSoft 2009.2.5.15 2011.4.15.14 2011-04-15 0.76 –
McAfee 5400.1158 6316 2011-04-14 9.14 –
Microsoft 1.6702 2011.04.15 2011-04-15 4.54 –
NOD32 3.0.21 6040 2011-04-14 0.05 a variant of Win32/Kryptik.MQF trojan
Norman 6.07.08 6.07.00 2011-04-13 16.02 –
Panda 9.05.01 2011.04.14 2011-04-14 6.31 –
Trend Micro 9.200-1012 7.978.06 2011-04-14 0.05 –
Quick Heal 11.00 2011.04.14 2011-04-14 1.27 –
Rising 20.0 23.53.03.06 2011-04-14 2.52 –
Sophos 3.18.0 4.64 2011-04-15 3.52 Mal/FakeAV-IZ
Sunbelt 3.9.2490.2 9015 2011-04-14 2.52 –
Symantec 1.3.0.24 20110414.002 2011-04-14 0.00 –
nProtect 20110414.01 3356712 2011-04-14 8.27 –
The Hacker 6.7.0.1 v00173 2011-04-12 0.47 –
VBA32 3.12.16.0 20110415.0732 2011-04-15 4.86 Malware-Cryptor.Limpopo
VirusBuster 5.2.0.28 13.6.305.0/4965723 2011-04-14 0.00 –
__________
and this one is currently detected by only 4 of the 37 AV engines:
Scanned time : 2011/04/15 10:52:28 (CEST)
Scanner results: 11% Escaner (4/37) encontró infección
File Name : Kng.exe
File Size : 130048 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 9ff48e96bbb1f8a3924fbb25f66e2095
SHA1 : c5a56dc34df0b0593e82fbf33951ad5e0fa5180e
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20110415031442 2011-04-15 10.16 –
AhnLab V3 2011.04.14.00 2011.04.14 2011-04-14 4.54 –
AntiVir 8.2.4.208 7.11.6.133 2011-04-15 0.28 –
Antiy 2.0.18 20110205.7694535 2011-02-05 0.12 –
Arcavir 2011 201103241627 2011-03-24 0.05 –
Authentium 5.1.1 201104150802 2011-04-15 1.60 –
AVAST! 4.7.4 110414-2 2011-04-14 0.02 –
AVG 8.5.850 271.1.1/3574 2011-04-15 0.26 –
BitDefender 7.90123.7116508 7.37093 2011-04-15 6.49 Gen:Variant.Kazy.19250
ClamAV 0.96.5 12983 2011-04-15 0.04 –
Comodo 4.0 8344 2011-04-14 1.16 –
CP Secure 1.3.0.5 2011.04.15 2011-04-15 0.07 –
Dr.Web 5.0.2.3300 2011.04.15 2011-04-15 11.40 Trojan.DownLoader2.34668
F-Prot 4.4.4.56 20110414 2011-04-14 1.62 –
F-Secure 7.02.73807 2011.04.15.02 2011-04-15 0.18 Trojan.Win32.Diple.ldz [AVP]
Fortinet 4.2.257 13.113 2011-04-14 0.24 –
GData 22.77/22.38 20110415 2011-04-15 10.36 –
ViRobot 20110414 2011.04.14 2011-04-14 0.52 –
Ikarus T3.1.32.20.0 2011.04.15.78176 2011-04-15 4.86 –
JiangMin 13.0.900 2011.03.30 2011-03-30 2.63 –
Kaspersky 5.5.10 2011.04.15 2011-04-15 0.09 Trojan.Win32.Diple.ldz
KingSoft 2009.2.5.15 2011.4.15.14 2011-04-15 2.18 –
McAfee 5400.1158 6316 2011-04-14 8.86 –
Microsoft 1.6702 2011.04.15 2011-04-15 21.62 –
NOD32 3.0.21 6040 2011-04-14 0.03 –
Norman 6.07.08 6.07.00 2011-04-13 18.02 –
Panda 9.05.01 2011.04.14 2011-04-14 3.98 –
Trend Micro 9.200-1012 7.978.06 2011-04-14 0.05 –
Quick Heal 11.00 2011.04.14 2011-04-14 1.47 –
Rising 20.0 23.53.03.06 2011-04-14 3.26 –
Sophos 3.18.0 4.64 2011-04-15 6.59 –
Sunbelt 3.9.2490.2 9015 2011-04-14 1.12 –
Symantec 1.3.0.24 20110414.002 2011-04-14 0.01 –
nProtect 20110414.01 3356712 2011-04-14 16.64 –
The Hacker 6.7.0.1 v00173 2011-04-12 0.69 –
VBA32 3.12.16.0 20110415.0732 2011-04-15 4.80 –
VirusBuster 5.2.0.28 13.6.305.0/4965723 2011-04-14 0.00 –
________
the third of the four is detected by 5 of the 37 AV engines:
Scanned time : 2011/04/15 10:52:42 (CEST)
Scanner results: 14% Escaner (5/37) encontró infección
File Name : Knh.exe
File Size : 132608 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 39300669d89fb910772549650e426177
SHA1 : e026b4c0261f1079741914d8f4ffc6e5211b5569
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20110415031442 2011-04-15 6.10 –
AhnLab V3 2011.04.14.00 2011.04.14 2011-04-14 3.04 –
AntiVir 8.2.4.208 7.11.6.133 2011-04-15 0.30 –
Antiy 2.0.18 20110205.7694535 2011-02-05 0.13 –
Arcavir 2011 201103241627 2011-03-24 0.16 –
Authentium 5.1.1 201104150802 2011-04-15 1.58 –
AVAST! 4.7.4 110414-2 2011-04-14 0.02 –
AVG 8.5.850 271.1.1/3574 2011-04-15 0.27 –
BitDefender 7.90123.7116508 7.37093 2011-04-15 6.51 Gen:Variant.Kazy.19250
ClamAV 0.96.5 12983 2011-04-15 0.03 –
Comodo 4.0 8344 2011-04-14 1.55 Heur.Packed.Unknown
CP Secure 1.3.0.5 2011.04.15 2011-04-15 0.07 –
Dr.Web 5.0.2.3300 2011.04.15 2011-04-15 12.14 Trojan.DownLoader2.34697
F-Prot 4.4.4.56 20110414 2011-04-14 1.62 –
F-Secure 7.02.73807 2011.04.15.02 2011-04-15 0.20 –
Fortinet 4.2.257 13.113 2011-04-14 0.70 –
GData 22.77/22.38 20110415 2011-04-15 14.75 –
ViRobot 20110414 2011.04.14 2011-04-14 0.60 –
Ikarus T3.1.32.20.0 2011.04.15.78176 2011-04-15 4.97 –
JiangMin 13.0.900 2011.03.30 2011-03-30 1.84 –
Kaspersky 5.5.10 2011.04.15 2011-04-15 0.09 Trojan.Win32.Diple.lew
KingSoft 2009.2.5.15 2011.4.15.14 2011-04-15 1.38 –
McAfee 5400.1158 6316 2011-04-14 8.63 –
Microsoft 1.6702 2011.04.15 2011-04-15 7.03 –
NOD32 3.0.21 6040 2011-04-14 0.05 a variant of Win32/Kryptik.MQF trojan
Norman 6.07.08 6.07.00 2011-04-13 20.03 –
Panda 9.05.01 2011.04.14 2011-04-14 7.66 –
Trend Micro 9.200-1012 7.978.06 2011-04-14 0.06 –
Quick Heal 11.00 2011.04.14 2011-04-14 1.12 –
Rising 20.0 23.53.03.06 2011-04-14 0.26 –
Sophos 3.18.0 4.64 2011-04-15 4.63 –
Sunbelt 3.9.2490.2 9015 2011-04-14 8.34 –
Symantec 1.3.0.24 20110414.002 2011-04-14 0.00 –
nProtect 20110414.01 3356712 2011-04-14 9.72 –
The Hacker 6.7.0.1 v00173 2011-04-12 0.55 –
VBA32 3.12.16.0 20110415.0732 2011-04-15 5.28 –
VirusBuster 5.2.0.28 13.6.305.0/4965723 2011-04-14 0.00 –
_____________
and the fourth is detected by 8 of 37:
Scanned time : 2011/04/15 10:53:19 (CEST)
Scanner results: 22% Escaner (8/37) encontró infección
File Name : Kni.exe
File Size : 224768 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 70b573d413556deb13747836abd04a57
SHA1 : c173622c6868a09c1511fc612b4e03586c374ace
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20110415031442 2011-04-15 6.89 –
AhnLab V3 2011.04.14.00 2011.04.14 2011-04-14 5.79 –
AntiVir 8.2.4.208 7.11.6.133 2011-04-15 0.28 –
Antiy 2.0.18 20110205.7694535 2011-02-05 0.12 –
Arcavir 2011 201103241627 2011-03-24 0.05 –
Authentium 5.1.1 201104150802 2011-04-15 1.78 –
AVAST! 4.7.4 110414-2 2011-04-14 0.03 –
AVG 8.5.850 271.1.1/3574 2011-04-15 0.27 –
BitDefender 7.90123.7116508 7.37093 2011-04-15 6.51 Gen:Variant.Kazy.18965
ClamAV 0.96.5 12983 2011-04-15 0.05 –
Comodo 4.0 8344 2011-04-14 1.33 –
CP Secure 1.3.0.5 2011.04.15 2011-04-15 0.08 –
Dr.Web 5.0.2.3300 2011.04.15 2011-04-15 11.64 Trojan.Inject.31846
F-Prot 4.4.4.56 20110414 2011-04-14 1.57 –
F-Secure 7.02.73807 2011.04.15.02 2011-04-15 7.67 Trojan.Win32.Diple.ldw [AVP]
Fortinet 4.2.257 13.113 2011-04-14 0.17 W32/PackZbot.D!tr
GData 22.77/22.38 20110415 2011-04-15 8.78 –
ViRobot 20110414 2011.04.14 2011-04-14 0.38 –
Ikarus T3.1.32.20.0 2011.04.15.78176 2011-04-15 5.07 –
JiangMin 13.0.900 2011.03.30 2011-03-30 2.30 –
Kaspersky 5.5.10 2011.04.15 2011-04-15 0.09 Trojan.Win32.Diple.ldw
KingSoft 2009.2.5.15 2011.4.15.14 2011-04-15 1.08 –
McAfee 5400.1158 6316 2011-04-14 8.56 –
Microsoft 1.6702 2011.04.15 2011-04-15 6.36 –
NOD32 3.0.21 6040 2011-04-14 0.05 a variant of Win32/Kryptik.MQF trojan
Norman 6.07.08 6.07.00 2011-04-13 16.02 –
Panda 9.05.01 2011.04.14 2011-04-14 5.90 –
Trend Micro 9.200-1012 7.978.06 2011-04-14 0.05 –
Quick Heal 11.00 2011.04.14 2011-04-14 2.24 –
Rising 20.0 23.53.03.06 2011-04-14 3.37 –
Sophos 3.18.0 4.64 2011-04-15 3.52 Mal/FakeAV-IZ
Sunbelt 3.9.2490.2 9015 2011-04-14 1.00 –
Symantec 1.3.0.24 20110414.002 2011-04-14 0.00 –
nProtect 20110414.01 3356712 2011-04-14 6.92 –
The Hacker 6.7.0.1 v00173 2011-04-12 0.61 –
VBA32 3.12.16.0 20110415.0732 2011-04-15 3.95 Malware-Cryptor.Limpopo
VirusBuster 5.2.0.28 13.6.305.0/4965723 2011-04-14 0.00 –
All of them are already controlled as of ELISTARA 23.05, now available on our website
Regards
ms, 15-4-2011
NOTE: Those interested in information about a SATINFO Technical Assistance support contract and/or a license for use/updates of its utilities should contact info@satinfo.es