New variant of Feebs

A

Art

Kaspersky alerted as Worm.Win32.Feebs.gen on a email
attackment that came through as message.zip
The message reads as:
********************
ID: 46916
Password: cdmmaieos

Message is attached.

Thank you,
Encrypted Message Service,
MSN.com
*******************
However, it's not a password protected zip. The content
is a .HTA file.

Very few av scanners alert, according to Virus Total and
jotti. In fact, Virus Total didn't show KAV as alerting,
suggesting KAV hadn't yet been updated there when
I tried it. The attackment got through my ISP's
av scanner (I rarely see email attackments).

Art
http://home.epix.net/~artnpeg
 
I

Ian Kenefick

Art said:
Kaspersky alerted as Worm.Win32.Feebs.gen on a email
attackment that came through as message.zip
Click to expand...

Very few av scanners alert, according to Virus Total and
jotti. In fact, Virus Total didn't show KAV as alerting,
suggesting KAV hadn't yet been updated there when
I tried it. The attackment got through my ISP's
av scanner (I rarely see email attackments).
Click to expand...

Kaspersky added an update for feebs.gen 2 days ago so I think that this
is not the reason for virustotal not detecting this.

http://www.kaspersky.com/viruswatchlite?search_virus=feebs&hour_offset=-3
shows that kaspersky added detection for a new variant today though.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Another new email worm 5
Newer Mytob variant 2
Email attackment warning 6
Another Mytob variant 6
Browsers ... again 5
Netsky.D spreading, saved by Nod heuristics 6
On demand scanning issues 19
New virus (price.cpl - Bagle varient) and current Virus-Total results 26

Top