I uploaded a suspicious file to Virustotal.com. The last analysis showed 0/37. A reanalysis resulted in a 7/37 detection, and 7/7 consistently detected it as some variation of Vundo.
My Tracking #
Here's the ThreatExpert Report. I omitted the VT report to focus attention on the much more detailed ThreatExpert report. Very interesting.
Look at the ThreatExpert Report, on the bottom: ThreatExpert heuristically detected that the executed file attempted to use BITS to download a file from childhe (dot com).
The SafeWeb analysis is here:
Now, this also relates to another thread about just how deep Norton scans; surprising it did not catch the fact that the file is a downloader; it downloads Vundo, according to ThreatExpert, and the SafeWeb report proves the site is infected with Vundo.
So ... I am currently downloading AntiBot and installing it. I will then execute the suspicious file again, and allow AntiBot a couple hours.
Why AntiBot? Because Bloodhound obviously failed; so I am going to use full-fledged SONAR to see if it can detect the risk; NAV/NIS only include the most "battle-tested" components of AntiBot, according to a moderator.

Message Edited by Tech0utsider on 12-19-2008 10:07 PM