• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Virus › New variant W32/Feebs found

New variant W32/Feebs found

Myantispyware team February 22, 2006     No Comment    

A new variant of W32/Feebs is making the rounds. Fellow handler Bojan has spent quite some time with de-obfuscating the JavaScript and VB code, and we’re still looking at what it does besides downloading base64 encoded versions of W32/Feebs. You might want to block access to

*.coconia.net
*.by.ru
*.kazan.bz
*.t35.com
*.freecoolsite.com
*.nm.ru

until the AV vendors have the patterns lined up.

New varian spreads as an email with subject “Secure Message from GMail.com user“, and contains a ZIP attachment (data.zip in the sample at hand), which in turn contains a file “Encrypted Html File.hta”, which contains the heavily obfuscated Javascript exploit code that triggers the W32/Feebs download from the above sites.

Update:
AV detection is available by now

BitDefender|7.2|02.22.2006|Win32.Worm.Feebs.1.Gen
Kaspersky|4.0.2.24|02.22.2006|Worm.Win32.Feebs.cb
McAfee|4703|02.22.2006|W32/Feebs.gen@MM
Panda|9.0.0.4|02.22.2006|Suspicious file
Sophos|4.02.0|02.22.2006|W32/Feebs-Gen
Symantec|8.0|02.22.2006|W32.Feebs

Thanks to SansBlog

Virus

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply




New Guides

Download Converter Free
How to uninstall Download Converter Free from Chrome, Firefox, IE, Edge
Gamessavvy1.xyz
How to remove Gamessavvy1.xyz pop-ups (Virus removal guide)
News-capawo.cc
How to remove News-capawo.cc pop-ups (Virus removal guide)
Despection.space
How to remove Despection.space pop-ups (Virus removal guide)
1nJCE7GPLEgKVtoDB2vNKxivw3U6ogMeS
1nJCE7GPLEgKVtoDB2vNKxivw3U6ogMeS Bitcoin Email Scam

Follow Us

Search

Useful Guides

Malwarebytes won’t install, run or update – How to fix it
How to reset Mozilla Firefox (Updated Apr. 2018)
How to remove browser hijacker virus (Chrome, Firefox, IE, Edge)
Files encrypted by ransomware become useless
How To Recover Encrypted Files (Ransomware file recovery)
How to reset Internet Explorer settings to default

Recent Posts

Multiple vulnerabilities in WinAmp – Affected all versions (including 5.13)
Leap.A – Worm for Mac OS X
Found DVD disks contains a copy protection mechanism which uses rootkit-like cloaking technology.
Exploit for Vulnerability in Windows Media Player has been released
Adware SE 14.02.2006 update now available

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2020 My AntiSpyware - Free antispyware programs and Spyware Removal Instructions.