高雄醫學大學網馬串串

發表時間: 2008-8-28 12:48 作者: nansenat16 來源: AVPClub Security Home

幾乎都沒加密或混淆，ms系列的shellcode很多
到是熱門的flash沒看到

消息來源:http://rogerspeaking.com/2008/08/1294

下載的執行檔，TE分析結果:http://www.threatexpert.com/repo ... d81987c05eabb4d1b03

[ 本帖最後由 nansenat16 於 2008-8-28 12:51 編輯 ]

p96.kmu.edu.tw_20080828.zip
(2008-08-28 12:48:03, Size: 84.7 kB, Downloads: 23)

我也來說兩句 查看全部評論相關評論

eric7511 (2008-8-28 12:53:20)

費爾托斯特安全V7R3
病毒碼時間：v8.117.57631(2008.08.28.11:54)
發現異常檔案數量：10
已偵測到有病毒包含 JS.MS07027.Exploit.b、JS.Decoder.p、Script.HttpDownloader.g
JS.SecretActiveX.a、JS.Decoder.k
已偵測到有木馬 TrojanDropper.Agent.ovb.urwq
vaio3388 (2008-8-28 13:43:36)

KIS 8.0.0.358 發現10種威脅
Wan (2008-8-28 15:05:00)

小紅傘PE
偵測到14隻
可疑檔案一隻
Wan (2008-8-28 15:12:46)

AVG Free 8.0
偵測到11隻
Wan (2008-8-28 15:18:52)

BitDefender v10 Free OEM
偵測數量:5
Wan (2008-8-28 15:23:02)

ClamWinFreeAntiVirus
偵測數量:1隻
Wan (2008-8-28 15:45:46)

PC Tool AntiVirus
偵測數量:0隻
Wan (2008-8-28 15:46:57)

Online Mlaware Scan
A-Squared
Found nothing
AntiVir
Found HTML/Shellcode.Gen, EXP/IframeBof, HTML/Crypted.Gen, HEUR/HTML.Malware, HTML/Rce.Gen, TR/Dropper.Gen
ArcaVir
Found nothing
Avast
Found VBS:Malware-gen, HTML:IEslice-B, JS:IESlice
AVG Antivirus
Found Exploit, JS/Downloader.Agent, PHP/BackDoor.J
BitDefender
Found Exploit.JS.XMLCore.A, Exploit.HTML.Agent.X, Exploit.HTML.Agent.AC, Exploit.HTML.Agent.AQ, Trojan.JS.Downloader.G, Trojan.Script.161, Generic.XPL.ADODB.0E83E90F (probable variant)
ClamAV
Found JS.Downloader-19
CPsecure
Found Troj.Downloader.JS.Agent.iu
Dr.Web
Found Exploit.VMLFill
F-Prot Antivirus
Found HTML/IFrameBoF, JS/Xunlei.A, JS/Psyme.EU, JS/Agent.BM, JS/IFrameBoF.J, VBS/Psyme.FZ, JS/Agent.BT
F-Secure Anti-Virus
Found Exploit.JS.Agent.bm, Exploit.HTML.IframeBof.y, Constructor.Win32.IESlice.d, Exploit.HTML.IESlice.aw, Trojan-Downloader.JS.Agent.oe
Fortinet
Found JS/ShellCode.A!exploit (probable variant)
Ikarus
Found Exploit.HTML.IframeBof
Kaspersky Anti-Virus
Found Exploit.JS.Agent.bm, Exploit.HTML.IframeBof.y, Constructor.Win32.IESlice.d, Exploit.HTML.IESlice.aw, Trojan-Downloader.JS.Agent.oe
NOD32
Found JS/Exploit.BO.NAE, JS/Exploit.BO.NAC, HTML/Exploit.VML.E, HTML/Exploit.IESlice.AJ, VBS/TrojanDownloader.Agent.NAN, a variant of Win32/Dialer.NEW
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found Mal/JSShell-B, Mal/Psyme-B, Mal/Dorf-A
VirusBuster
Found Exploit.VML.C, Exploit.VML.R, Trojan.DL.JS.Agent.UPE, Exploit.IFramebof.AB, VBS.Psyme.EH
VBA32
Found Exploit.HTML.Agent.i, Exploit.HTML.Mht
Wan (2008-8-28 15:49:19)

VT的報告
反病毒引擎版本最後更新掃瞄結果
AhnLab-V3 2008.8.27.1 2008.08.28 -
AntiVir 7.8.1.23 2008.08.28 HTML/Shellcode.Gen
Authentium 5.1.0.4 2008.08.28 HTML/IFrameBoF
Avast 4.8.1195.0 2008.08.27 VBS:Malware-gen
AVG 8.0.0.161 2008.08.27 Exploit
BitDefender 7.2 2008.08.28 Exploit.JS.XMLCore.A
CAT-QuickHeal 9.50 2008.08.26 -
ClamAV 0.93.1 2008.08.28 JS.Downloader-19
DrWeb 4.44.0.09170 2008.08.28 Exploit.VMLFill
eSafe 7.0.17.0 2008.08.27 JS.Shellcode.b
eTrust-Vet 31.6.6052 2008.08.27 JS/MS05-054!exploit
Ewido 4.0 2008.08.27 Downloader.Psyme.dh
F-Prot 4.4.4.56 2008.08.28 HTML/IFrameBoF
F-Secure 7.60.13501.0 2008.08.28 Exploit.JS.Agent.bm
Fortinet 3.14.0.0 2008.08.28 JS/ShellCode.A!exploit
GData 19 2008.08.28 Exploit.JS.Agent.bm
Ikarus T3.1.1.34.0 2008.08.28 Exploit.HTML.IframeBof
K7AntiVirus 7.10.428 2008.08.25 -
Kaspersky 7.0.0.125 2008.08.28 Exploit.JS.Agent.bm
McAfee 5371 2008.08.27 Exploit-MS06-014.gen
Microsoft 1.3807 2008.08.25 Exploit:Win32/Senglot.A
NOD32v2 3394 2008.08.27 JS/Exploit.BO.NAE
Norman 5.80.02 2008.08.27 JS/Shellcode.B
Panda 9.0.0.4 2008.08.27 -
PCTools 4.4.2.0 2008.08.27 HTML.Psyme.Gen
Prevx1 V2 2008.08.28 -
Rising 20.59.30.00 2008.08.28 Hack.Exploit.Agent.cw
Sophos 4.33.0 2008.08.28 Mal/JSShell-B
Sunbelt 3.1.1582.1 2008.08.26 -
Symantec 10 2008.08.28 Bloodhound.Exploit.165
TheHacker 6.3.0.6.064 2008.08.27 JS/IE.Exploit
TrendMicro 8.700.0.1004 2008.08.28 JS_AGENT.AATD
VBA32 3.12.8.4 2008.08.27 Exploit.HTML.Agent.i
ViRobot 2008.8.27.1352 2008.08.27 -
VirusBuster 4.5.11.0 2008.08.27 Exploit.VML.C
Webwasher-Gateway 6.6.2 2008.08.28 Script.Shellcode.Gen

附加訊息
File size: 86761 bytes
MD5...: 86ecb9d4245cd9cd122c93f36ed9e6dd
SHA1..: f5fd4c979e69d7e1dd8ab741800562db207be4a6
SHA256: d37f4b5c8273944a17e230e47d15d1d20623ea47f6907fa4aca8b94be3a2c23f
SHA512: 1dd0aa1965ec31f61d6f33019cac546c87f9a0a121bde5d72d2cb843e5f85621<br>a44815d56633962ebd60358e77f47115fcfee64e30d6b32495f26ea45a8befe4
PEiD..: -
TrID..: File type identification<br>ZIP compressed archive (99.8%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: -
packers (F-Prot): RLPack
packers (Avast): RLPack
Wan (2008-8-28 15:56:11)

TM Sysclean偵測數量:11隻
採用lpt504.01
krichard2007 (2008-8-28 16:32:02)

可以請問一下....
ThreatExpert
要怎麼上報嗎...
haol (2008-8-28 19:54:49)

avast found 11 threats
小C (2008-8-28 20:46:13)

ThreatExpert

提交成功

推薦一個臨時信箱 Minute Mail

等收信...

閒閒沒事...

[ 本帖最後由小C 於 2008-8-28 20:47 編輯 ]
wopti (2008-8-28 21:15:09)

驱逐舰发现病毒
Exploit.VMLFil
megakotaro (2008-8-29 16:26:02)

上報給avira所有檔案
能偵測的真是少啊，一堆「分析中」