exposedvideos.idoo.com/Backdoor.Win32.SdBot.fbg

[Malekal_morte]

Message de propagation :

hxxp://exposedvideos.idoo.com/videostream.php

Ajoute la clef suivante pour se charger au démarrage :

* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
o Windows Services = "winlogon.exe"

Ajoute les fichiers suivants sur le système :

%System%\video.exe
%Windir%\winlogon.exe

Fichier vd435435345_a456475567_www_youtub reçu le 2008.07.06 06:41:58 (CET)
Situation actuelle: terminé
Résultat: 8/33 (24.24%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.7.4.1 2008.07.05 -
AntiVir 7.8.0.64 2008.07.05 -
Authentium 5.1.0.4 2008.07.06 -
Avast 4.8.1195.0 2008.07.05 -
AVG 7.5.0.516 2008.07.05 -
BitDefender 7.2 2008.07.06 DeepScan:Generic.Malware.SI!Bg.37547088
CAT-QuickHeal 9.50 2008.07.04 -
ClamAV 0.93.1 2008.07.06 Trojan.IRCBot.SVD
DrWeb 4.44.0.09170 2008.07.05 -
eSafe 7.0.17.0 2008.07.03 -
eTrust-Vet 31.6.5927 2008.07.04 -
Ewido 4.0 2008.07.05 -
F-Prot 4.4.4.56 2008.07.06 -
F-Secure 7.60.13501.0 2008.07.03 W32/Malware
Fortinet 3.14.0.0 2008.07.05 -
GData 2.0.7306.1023 2008.07.05 -
Ikarus T3.1.1.26.0 2008.07.06 Win32.SuspectCrc
Kaspersky 7.0.0.125 2008.07.06 Backdoor.Win32.SdBot.fbg
McAfee 5332 2008.07.04 -
Microsoft 1.3704 2008.07.06 -
NOD32v2 3244 2008.07.05 -
Norman 5.80.02 2008.07.04 W32/Malware
Panda 9.0.0.4 2008.07.05 Suspicious file
Prevx1 V2 2008.07.06 -
Rising 20.51.42.00 2008.07.04 -
Sophos 4.31.0 2008.07.06 -
Sunbelt 3.1.1509.1 2008.07.04 -
Symantec 10 2008.07.06 -
TheHacker 6.2.96.373 2008.07.05 -
TrendMicro 8.700.0.1004 2008.07.05 -
VBA32 3.12.6.8 2008.07.05 suspected of Backdoor.xBot.1 (paranoid heuristics)
VirusBuster 4.5.11.0 2008.07.05 -
Webwasher-Gateway 6.6.2 2008.07.05 -
Information additionnelle
File size: 156144 bytes
MD5...: 84237f8f636becd9e151b7b0f2e0bb38
SHA1..: 0f3d0a15a5f8a9abb48e20343924a5312c5c7d7b

[Malekal_morte]

Scan eu lendemain : 8/33 --> 12/33

Complete scanning result of "videostream.php", processed in VirusTotal at 07/09/2008 11:15:44 (CET).

[ file data ]
* name..: videostream.php
* size..: 156144
* md5...: 84237f8f636becd9e151b7b0f2e0bb38
* sha1..: 0f3d0a15a5f8a9abb48e20343924a5312c5c7d7b
* peid..: -

[ scan result ]
AhnLab-V3 2008.7.9.1/20080709 found nothing
AntiVir 7.8.0.64/20080709 found [DR/Sdbot.156144]
Authentium 5.1.0.4/20080708 found nothing
Avast 4.8.1195.0/20080708 found nothing
AVG 7.5.0.516/20080708 found nothing
BitDefender 7.2/20080709 found [DeepScan:Generic.Malware.SI!Bg.37547088]
CAT-QuickHeal 9.50/20080708 found nothing
ClamAV 0.93.1/20080709 found [Trojan.IRCBot.SVD]
DrWeb 4.44.0.09170/20080709 found nothing
eSafe 7.0.17.0/20080708 found nothing
eTrust-Vet 31.6.5939/20080709 found nothing
Ewido 4.0/20080708 found nothing
F-Prot 4.4.4.56/20080708 found nothing
F-Secure 7.60.13501.0/20080708 found [W32/Malware]
Fortinet 3.14.0.0/20080709 found [PossibleThreat]
GData 2.0.7306.1023/20080709 found [Backdoor.Win32.SdBot.fbg]
Ikarus T3.1.1.26.0/20080709 found [BehavesLike.Win32.ProcessHijack]
Kaspersky 7.0.0.125/20080709 found [Backdoor.Win32.SdBot.fbg]
McAfee 5334/20080708 found nothing
Microsoft 1.3704/20080709 found nothing
NOD32v2 3253/20080709 found nothing
Norman 5.80.02/20080708 found [Malware.DECA]
Panda 9.0.0.4/20080708 found [Suspicious file]
Prevx1 V2/20080709 found nothing
Rising 20.52.12.00/20080708 found nothing
Sophos 4.31.0/20080709 found nothing
Sunbelt 3.1.1509.1/20080704 found nothing
Symantec 10/20080709 found nothing
TheHacker 6.2.96.374/20080707 found nothing
TrendMicro 8.700.0.1004/20080709 found nothing
VBA32 3.12.6.8/20080708 found [Backdoor.Win32.SdBot.fbg]
VirusBuster 4.5.11.0/20080708 found nothing
Webwasher-Gateway 6.6.2/20080709 found [Trojan.Dropper.Sdbot.156144]

[ notes ]
packers (F-Prot): RAR