Full Disclosure mailing list archives

Another brazilian banking trojan variant, detected by some AV vendors, but not all
From: "Pedro Hugo" <phugo () highspeedweb net>
Date: Tue, 4 Oct 2005 20:10:23 +0100

Here goes another banking trojan. Some AV vendors classify it as a variant.
It's packed with UPX 1.93, and it can be unpacked by using the official UPX

Results from virustotal.com:

Antivirus      Version         Update      Result
AntiVir        -               10.04.2005  TR/Spy.Banker.add.67
Avast          4.6.695.0       09.30.2005  no virus found
AVG            718             10.04.2005  PSW.Banker.GRG
Avira          -               10.04.2005  TR/Spy.Banker.add.67
BitDefender    7.2             10.04.2005  Trojan.Banker.Delf.A0715A92
CAT-QuickHeal  8.00            10.04.2005  TrojanSpy.Banker.add
ClamAV         devel-20050917  10.04.2005  Trojan.Spy.Banker-97
DrWeb          4.32b           10.02.2005  Trojan.PWS.Banker.based
eTrust-Iris    -               10.04.2005  Win32/Bancos.Variant!PWS!Trojan
eTrust-Vet     -               10.04.2005  no virus found
Fortinet       -               10.04.2005  Spy/Banker
F-Prot         3.16c           10.04.2005  no virus found
Ikarus         -               10.04.2005  no virus found
Kaspersky      -               10.04.2005  Trojan-Spy.Win32.Banker.add
McAfee         4596            10.04.2005  PWS-Banker.gen.b
NOD32v2        1.1241          10.04.2005  a variant of Win32/Spy.Banker.VJ
Norman         5.70.10         10.04.2005  no virus found
Panda          8.02.00         10.04.2005  Trj/Banker.gen
Sophos         3.98.0          10.04.2005  no virus found
Symantec       8.0             10.04.2005  no virus found
TheHacker      -               10.03.2005  no virus found
VBA32          3.10.4          10.04.2005  MalwareScope.Trojan-Spy.Banker.52

TrendMicro OfficeScan doesn't detect it (since the pattern is the same for
all products, we can assume TrendMicro doesn't detect it).

Attached is the original file, if you can't download it from the site.

Sorry for the noise, but I hope all or some AV vendors are listening and can
benefit from this.

Best Regards,
Pedro Hugo


From: cartoes () virtualcards com br [mailto:cartoes () virtualcards com br] 
Subject: You have received a virtual card!



VIRTUALCARD <http://www.brandweer-brummen.nl/Upimages/cartao.exe> S
<http://www.brandweer-brummen.nl/Upimages/cartao.exe> FOR YOU!!!

How are you?! You have just received a VIRTUALCARDS,
the liveliest cards on the Web, sent by someone who loves you very much.
To view it, just click the link below and you're done!


Click  <http://www.brandweer-brummen.nl/Upimages/cartao.exe> here to
view your card



A big hug from the VIRTUALCARDS Team.



Information  <http://www.brandweer-brummen.nl/Upimages/cartao.exe> about
this e-mail

This e-mail was generated automatically. Do not reply.

|  <http://www.brandweer-brummen.nl/Upimages/cartao.exe> Terms of Service and
Privacy Policy |

Copyright © 2001 - 2005 VITALEWEB - BRAZIL
All Rights Reserved



Attachment: cartao.e__

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
