 | Do you have pop-ups or your computer infected with trojan or spyware ? Learn how to ask us for help, click here! |
New variant W32/Feebs found
A new variant of W32/Feebs is making the rounds. Fellow handler Bojan has spent quite some time with de-obfuscating the JavaScript and VB code, and we’re still looking at what it does besides downloading base64 encoded versions of W32/Feebs. You might want to block access to
*.coconia.net
*.by.ru
*.kazan.bz
*.t35.com
*.freecoolsite.com
*.nm.ru
until the AV vendors have the patterns lined up.
New varian spreads as an email with subject “Secure Message from GMail.com user“, and contains a ZIP attachment (data.zip in the sample at hand), which in turn contains a file “Encrypted Html File.hta”, which contains the heavily obfuscated Javascript exploit code that triggers the W32/Feebs download from the above sites.
Update:
AV detection is available by now
BitDefender|7.2|02.22.2006|Win32.Worm.Feebs.1.Gen
Kaspersky|4.0.2.24|02.22.2006|Worm.Win32.Feebs.cb
McAfee|4703|02.22.2006|W32/Feebs.gen@MM
Panda|9.0.0.4|02.22.2006|Suspicious file
Sophos|4.02.0|02.22.2006|W32/Feebs-Gen
Symantec|8.0|02.22.2006|W32.Feebs
Thanks to SansBlog
No Comments yet »
RSS feed for comments on this post. TrackBack URI
Leave a comment
Malware Removal:
- Remove antivircat.com hijacker and Security Suite malware
- How to remove Malware Destructor 2011 (Uninstall instructions)
- Remove antivirhand.com hijacker and Security Suite malware
- How to remove Win7 AV (Uninstall instructions)
- Remove antispyjob.com browser hijacker
- How to remove AWM Antivirus (Uninstall instructions)
- How to remove antivirspace.com browser hijacker
- How to remove antivirlock.com browser hijacker
- How to remove antivirmars.com browser hijacker
- How to remove Advanced Security Tool 2010 (Uninstall instructions)
Recent Forum Posts:
Recent Comments:
- ATF, try search these files using standard Windows...
- I used the %appdata% as per the instructions, but...
- Oh.. I did have one more comment.. I did not have...
- THANK YOU!!!THANK YOU!!!!THANK YOU!!!!! I am so ha...
- its excellent.... thanks to the programmer!...
- Works perfectly, thanx a lot....
- Worked first time! Thank you so much... so glad s...
- Very good, completely removed this nasty virus...
- Excellent tips, it worked great. Thanks so much....
- thanks a lot to solve my problem... i was not abl...
Categories:
Archives:
- September 2010 (8)
- August 2010 (21)
- July 2010 (9)
- June 2010 (11)
- May 2010 (11)
- April 2010 (7)
- March 2010 (19)
- February 2010 (20)
- January 2010 (26)
- December 2009 (26)
- November 2009 (23)
- October 2009 (26)
- September 2009 (18)
- August 2009 (12)
- July 2009 (10)
- June 2009 (10)
- May 2009 (7)
- April 2009 (18)
- March 2009 (21)
- February 2009 (15)
- January 2009 (13)
- December 2008 (7)
- November 2008 (15)
- October 2008 (14)
- September 2008 (10)
- August 2008 (5)
- July 2008 (3)
- June 2008 (4)
- May 2008 (5)
- April 2008 (1)
- March 2008 (4)
- February 2008 (3)
- January 2008 (2)
- December 2007 (7)
- November 2007 (27)
- October 2007 (4)
- July 2007 (2)
- June 2007 (3)
- April 2007 (1)
- March 2007 (6)
- February 2007 (6)
- December 2006 (1)
- November 2006 (2)
- October 2006 (7)
- September 2006 (2)
- August 2006 (10)
- July 2006 (7)
- June 2006 (22)
- May 2006 (18)
- April 2006 (12)
- March 2006 (24)
- February 2006 (33)
- January 2006 (52)
- December 2005 (50)
- November 2005 (66)
Help by linking to us:
- MyAntiSpyware needs your support. Please make a link from your site to us.
Use the button:
Bookmark Us:
My Anti Spyware - Free antispyware programs and Spyware Removal Instructions.