• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Virus › New variant W32/Feebs found

New variant W32/Feebs found

Myantispyware team February 22, 2006     No Comment    

A new variant of W32/Feebs is making the rounds. Fellow handler Bojan has spent quite some time with de-obfuscating the JavaScript and VB code, and we’re still looking at what it does besides downloading base64 encoded versions of W32/Feebs. You might want to block access to

*.coconia.net
*.by.ru
*.kazan.bz
*.t35.com
*.freecoolsite.com
*.nm.ru

until the AV vendors have the patterns lined up.

New varian spreads as an email with subject “Secure Message from GMail.com user“, and contains a ZIP attachment (data.zip in the sample at hand), which in turn contains a file “Encrypted Html File.hta”, which contains the heavily obfuscated Javascript exploit code that triggers the W32/Feebs download from the above sites.

Update:
AV detection is available by now

BitDefender|7.2|02.22.2006|Win32.Worm.Feebs.1.Gen
Kaspersky|4.0.2.24|02.22.2006|Worm.Win32.Feebs.cb
McAfee|4703|02.22.2006|W32/Feebs.gen@MM
Panda|9.0.0.4|02.22.2006|Suspicious file
Sophos|4.02.0|02.22.2006|W32/Feebs-Gen
Symantec|8.0|02.22.2006|W32.Feebs

Thanks to SansBlog

Virus

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply




New Guides

Your File Is Ready To Download pop-up scam
Your File Is Ready To Download Virus Removal Guide
Muttere.buzz Press Allow Scam
Muttere.buzz Virus Removal Guide
graz.bezil.ru redirect
Graz.bezil.ru pop-up redirect (Virus removal guide)
TickTackSpeedup PUP
How to remove TickTackSpeedup (Quick & Easy) in 2022
YSearches.com redirect
How to get rid of YSearches.com redirect from Chrome, Firefox, IE, Edge

Follow Us

Search

Useful Guides

Files encrypted by ransomware become useless
How To Recover Encrypted Files (Ransomware file recovery)
Best free malware removal tools
Best Free Malware Removal Tools 2020
DNSChanger
How to remove DNSChanger malware virus [Updated Apr. 2018]
How to remove pop-up ads [Chrome, Firefox, IE, Opera, Edge]
ads by adware
How to remove Adware from Windows 10 (Virus removal guide)

Recent Posts

Multiple vulnerabilities in WinAmp – Affected all versions (including 5.13)
Leap.A – Worm for Mac OS X
Found DVD disks contains a copy protection mechanism which uses rootkit-like cloaking technology.
Exploit for Vulnerability in Windows Media Player has been released
Adware SE 14.02.2006 update now available

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2022 Myantispyware.com - Free antispyware programs and Spyware Removal Instructions.