Vundo


I uploaded a suspicious file to Virustotal.com. The last analysis showed 0/37. A reanalysis resulted in a 7/37 detection, and 7/7 consistently detected it as some variation of Vundo.



My Tracking #

#10142928


Here's the ThreatExpert Report. I omitted the VT report to focus attention on the much more detailed ThreatExpert report. Very interesting.


http://www.threatexpert.com/report.aspx?md5=61db59639681afda3feddd0308dfff20


Look at the ThreatExpert Report: at the bottom, ThreatExpert heuristically detected that the executed file attempted to use BITS to download a file from childhe (dot com).


The SafeWeb analysis is here:


http://safeweb.norton.com/report/show?url=childhe.com


Now, this also relates to another thread about just how deep Norton scans; it is surprising that it did not catch the fact that the file is a downloader. It downloads Vundo, according to ThreatExpert, and the SafeWeb report proves the site is infected with Vundo.


So ... I am currently downloading AntiBot and installing it. I will then execute the suspicious file again, and allow AntiBot a couple hours.


Why AntiBot? Because Bloodhound obviously failed; so I am going to use full-fledged SONAR to see if it can detect the risk; NAV/NIS only include the most "battle-tested" components of AntiBot, according to a moderator. 


Message Edited by Tech0utsider on 12-19-2008 10:07 PM
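The ThreatExpert finding above (a sample using BITS to fetch a file from the flagged domain) is something a defender can check for on a host after the fact. The following script is an added example, not part of the original post and not code from Norton or ThreatExpert: it enumerates the machine's BITS jobs and the BITS client event log and reports any transfer whose remote URL points at a watch-listed domain. The watch-list holds the domain named in the post; the function name and the choice of event ID 59 (the Bits-Client event that records the URL a job transferred from) are my assumptions about how you would wire this into your own tooling. It requires an elevated PowerShell session because `-AllUsers` reads other users' jobs.

```powershell
# Added example (not from the original post or any product it names).
# Lists BITS jobs whose remote URL matches a watch-list of domains, then
# checks the BITS client log for transfers that already finished.
# Assumes Windows with the BitsTransfer module; run elevated for -AllUsers.
Import-Module BitsTransfer

# Watch-list: the domain the ThreatExpert report pointed at (constructed list).
$watchList = @('childhe.com')

function Get-SuspiciousBitsJobs {
    param([string[]]$Domains)   # hypothetical helper name, not a built-in cmdlet
    Get-BitsTransfer -AllUsers | ForEach-Object {
        $job = $_
        foreach ($file in $job.FileList) {
            $uri = $null
            try { $uri = [uri]$file.RemoteName } catch { continue }
            # Match the exact host or any subdomain of a watch-listed domain.
            $hit = $Domains | Where-Object { $uri.Host -eq $_ -or $uri.Host -like "*.$_" }
            if ($hit) {
                [pscustomobject]@{
                    JobId      = $job.JobId
                    Owner      = $job.OwnerAccount
                    State      = $job.JobState
                    Created    = $job.CreationTime
                    RemoteName = $file.RemoteName
                    LocalName  = $file.LocalName
                }
            }
        }
    }
}

# Live jobs (queued, transferring, suspended, or errored but not yet removed).
Get-SuspiciousBitsJobs -Domains $watchList | Format-Table -AutoSize

# Completed or cancelled jobs no longer show up in Get-BitsTransfer, so also
# search the operational log; event 59 carries the source URL in its message.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Bits-Client/Operational'; Id = 59 } -ErrorAction SilentlyContinue |
    Where-Object { $msg = $_.Message; $watchList | Where-Object { $msg -like "*$_*" } } |
    Select-Object TimeCreated, Message
```

The job owner and local file path are the two fields worth keeping: the owner tells you which account the downloader ran as, and the local path is where the fetched payload landed, which is what you would hand to the scanner or quarantine next.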