I uploaded a suspicious file to Virustotal.com. The last analysis showed 0/37. A reanalysis resulted in a 7/37 detection, and 7/7 consistently detected it as some variation of Vundo.
My Tracking #10142928
Here's the ThreatExpert Report. I omitted the VT report to focus attention on the much more detailed ThreatExpert report. Very interesting.
http://www.threatexpert.com/report.aspx?md5=61db59639681afda3feddd0308dfff20
Look at the ThreatExpert Report: at the bottom, ThreatExpert heuristically detected that the executed file attempted to use BITS to download a file from childhe (dot com).
The SafeWeb analysis is here:
http://safeweb.norton.com/report/show?url=childhe.com
Now, this also relates to another thread about just how deep Norton scans; surprising it did not catch the fact that the file is a downloader; it downloads Vundo, according to ThreatExpert, and the SafeWeb report proves the site is infected with Vundo.
So ... I am currently downloading AntiBot and installing it. I will then execute the suspicious file again, and allow AntiBot a couple hours.
Why AntiBot? Because Bloodhound obviously failed; so I am going to use full-fledged SONAR to see if it can detect the risk; NAV/NIS only include the most "battle-tested" components of AntiBot, according to a moderator.