Website with Malware
Our reader, Micheal, has notified us of a website that could cause users to download malware.
http:// c n n w a r n e w s . c o m/
A lookup of the domain showed that it is newly registered (registration date is 12 Oct 06).
The website loads a normal webpage from an Australian news website (by using a frame). However, it also attempts to open malware from another site:
http:// z a g e v q s o i i .b i z /dl/l o a d a d v 4 3 3 . e x e
VirusTotal shows the following results for this malware:
Antivirus           Version         Update      Result
AntiVir             7.2.0.30        10.13.2006  TR/Dldr.Small.dib.6
Authentium          4.93.8          10.13.2006  Possibly a new variant of W32/Downloader-Sml-based!Maximus
Avast               4.7.892.0       10.13.2006  Win32:Small-BSO
AVG                 386             10.13.2006  Downloader.Harnig.AM
BitDefender         7.2             10.14.2006  DeepScan:Generic.Malware.dld!!g.07E540DB
CAT-QuickHeal       8.00            10.14.2006  no virus found
ClamAV              devel-20060426  10.13.2006  Trojan.Downloader.Small-2840
eTrust-InoculateIT  23.73.22        10.13.2006  Win32/SillyDL!Trojan
eTrust-Vet          30.3.3131       10.13.2006  Win32/Harnig!generic
DrWeb               4.33            10.14.2006  Trojan.DownLoader.13549
Ewido               4.0             10.13.2006  no virus found
Fortinet            2.82.0.0        10.14.2006  W32/Dowadv.CU!tr.dldr
F-Prot              3.16f           10.13.2006  Possibly a new variant of W32/Downloader-Sml-based!Maximus
F-Prot4             4.2.1.29        10.13.2006  W32/Downloader-Sml-based!Maximus
Ikarus              0.2.65.0        10.13.2006  no virus found
Kaspersky           4.0.2.24        10.14.2006  Trojan-Downloader.Win32.Harnig.cu
McAfee              4873            10.13.2006  no virus found
Microsoft           1.1603          10.14.2006  TrojanDownloader:Win32/Vxidl
NOD32v2             1.1803          10.13.2006  a variant of Win32/TrojanDownloader.Small.DIB
Norman              5.80.02         10.13.2006  W32/DLoader.gen2
Panda               9.0.0.4         10.14.2006  Suspicious file
Sophos              4.10.0          10.13.2006  no virus found
TheHacker           6.0.1.098       10.14.2006  Trojan/Downloader.Tibs.gen
UNA                 1.83            10.13.2006  no virus found
VBA32               3.11.1          10.13.2006  suspected of Downloader.Small.3 (paranoid heuristics)
VirusBuster         4.3.7:9         10.13.2006  Trojan.DL.Harnig.Gen.3
This just shows that a seemingly harmless website may not be harmless at all. You should be extremely vigilant when visiting unfamiliar websites. If in doubt, it is always good to tighten your browser configuration (e.g. disable Java/JavaScript/ActiveX) before making any attempt to visit the site. This is of course assuming you have the usual security measures in place (latest patches, virus definitions, etc.).
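The three signals described above (a very young domain, a frame pulling in someone else's site, and an executable referenced on a third host) can be checked mechanically when triaging a reported page. The following is an added example, not code from the diary. The sample HTML, the reserved `.example` host names, the 30-day age threshold, the observation date (taken from the latest update date in the table) and the use of a second frame as a stand-in for the unspecified loading mechanism are all assumptions.

```python
from datetime import date
from html.parser import HTMLParser
from urllib.parse import urlparse

EXEC_EXT = (".exe", ".scr", ".pif", ".bat", ".cmd")   # extensions treated as executable
URL_ATTRS = {"src", "href", "data", "codebase"}      # attributes that can carry a URL

class RefCollector(HTMLParser):
    """Collect (tag, url) for every attribute holding an absolute URL."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value and urlparse(value).hostname:
                self.refs.append((tag, value))

def triage(page_host, html, registered, seen, max_age_days=30):
    """Return findings for one fetched page served from page_host."""
    parser = RefCollector()
    parser.feed(html)
    findings = []
    age = (seen - registered).days
    if age <= max_age_days:                 # assumed threshold for "newly registered"
        findings.append(f"new-domain:{age}d")
    for tag, url in parser.refs:
        parts = urlparse(url)
        host = parts.hostname.lower()
        if host == page_host or host.endswith("." + page_host):
            continue                        # same site: not interesting here
        if tag in ("frame", "iframe"):
            findings.append(f"foreign-frame:{host}")
        if parts.path.lower().endswith(EXEC_EXT):
            findings.append(f"foreign-executable:{host}")
    return findings

# Constructed sample page using reserved .example names, not the sites in the diary.
SAMPLE_HTML = """
<frameset rows="100%,*">
  <frame src="http://news.example/world/index.html">
  <frame src="http://payload.example/dl/file.exe">
</frameset>
"""

if __name__ == "__main__":
    for finding in triage("lure.example", SAMPLE_HTML,
                          date(2006, 10, 12), date(2006, 10, 14)):
        print(finding)
```

None of these findings is conclusive on its own; a foreign frame is common on legitimate sites, and it is the combination with a days-old domain and an off-site executable that warrants a closer look.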