New variants: kxvo series, 36 samples


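Almost everyone can detect the old batch now,
so I won't post it; maybe later.
This past month another wave of new variants has appeared,
and suddenly there are a lot more again.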

Namipan:
u36.zip

Badongo:
http://www.badongo.com/file/11392702


  • Bug (2008-9-18 15:57:28)


  • upside (2008-9-18 16:00:39)


    I keep goofing up lately, really sorry everyone.
    I only just noticed it should be 35.
    I count one too many every time.
  • Bug (2008-9-18 16:09:02)



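    So NIS showing 36 is probably because it counted the ZIP as well.... hence the +1

    No wonder it seemed odd just now...

    Reported the one remaining file to Symantec Security Response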
  • skywalker (2008-9-18 16:32:52)

    Report from the F-Secure 8.0 RTM build from Kafan, which detected 33
    掃描報告
    2008年9月18日 下午 04:28:13 - 下午 04:28:18

    電腦名稱: PC
    掃描類型: 掃描目標
    目標: C:\Documents and Settings\user\桌面\u36
    結果: 發現 33 惡意程式
    Trojan-GameThief.Win32.Magania.abuq (病毒)

        * C:\Documents and Settings\user\桌面\u36\0pqb6qnj.cmd 動作: 已重新命名

    Trojan-PSW.Win32.OnLineGames.adsy (病毒)

        * C:\Documents and Settings\user\桌面\u36\0qx0sc6.bat 動作: 已重新命名

    Trojan-PSW.Win32.OnLineGames.wdl (病毒)

        * C:\Documents and Settings\user\桌面\u36\0wk2.cmd 動作: 已重新命名

    Trojan-GameThief.Win32.OnLineGames.tarv (病毒)

        * C:\Documents and Settings\user\桌面\u36\2px8tdn.bat 動作: 已重新命名

    Trojan.Win32.Vaklik.bts (病毒)

        * C:\Documents and Settings\user\桌面\u36\31n3b2h.exe 動作: 已重新命名

    Trojan-GameThief.Win32.OnLineGames.swae (病毒)

        * C:\Documents and Settings\user\桌面\u36\39ysi89.com 動作: 已重新命名

    Worm.Win32.AutoRun.cdw (病毒)

        * C:\Documents and Settings\user\桌面\u36\3g08.bat 動作: 已重新命名

    Trojan-GameThief.Win32.Magania.adkz (病毒)

        * C:\Documents and Settings\user\桌面\u36\3jkka91.com 動作: 已重新命名

    Trojan-PSW.Win32.OnLineGames.aeai (病毒)

        * C:\Documents and Settings\user\桌面\u36\6g3.com 動作: 已重新命名

    Trojan-PSW.Win32.OnLineGames.rxsd (病毒)

        * C:\Documents and Settings\user\桌面\u36\6tkoyhx.cmd 動作: 已重新命名

    Trojan-PSW.Win32.OnLineGames.ssa (病毒)

        * C:\Documents and Settings\user\桌面\u36\cfv90h.com 動作: 已重新命名

    Trojan.Win32.Vaklik.bvo (病毒)

        * C:\Documents and Settings\user\桌面\u36\d3bn0j.exe 動作: 已重新命名

    Trojan-PSW.Win32.OnLineGames.ambr (病毒)

        * C:\Documents and Settings\user\桌面\u36\ddyikr.cmd 動作: 已重新命名

    Trojan.Win32.Vaklik.bls (病毒)

        * C:\Documents and Settings\user\桌面\u36\eb9ehyh.exe 動作: 已重新命名

    Trojan.Win32.Vaklik.awu (病毒)

        * C:\Documents and Settings\user\桌面\u36\f.bat 動作: 已重新命名

    Worm.Win32.AutoRun.dox (病毒)

        * C:\Documents and Settings\user\桌面\u36\h3hi1k3.exe 動作: 已重新命名

    Trojan-PSW.Win32.OnLineGames.aejw (病毒)

        * C:\Documents and Settings\user\桌面\u36\j.cmd 動作: 已重新命名

    Trojan-GameThief.Win32.OnLineGames.stoe (病毒)

        * C:\Documents and Settings\user\桌面\u36\jg6w3yx.com 動作: 已重新命名

    Trojan.Win32.Vaklik.bsy (病毒)

        * C:\Documents and Settings\user\桌面\u36\k6wkwon2.exe 動作: 已重新命名

    Trojan-PSW.Win32.Magania.tyw (病毒)

        * C:\Documents and Settings\user\桌面\u36\kdy.cmd 動作: 已重新命名

    Worm.Win32.AutoRun.clt (病毒)

        * C:\Documents and Settings\user\桌面\u36\kqsr.exe 動作: 已重新命名

    Trojan.Win32.Vaklik.bmq (病毒)

        * C:\Documents and Settings\user\桌面\u36\n6j6pc0.com 動作: 已重新命名

    Worm.Win32.AutoRun.eev (病毒)

        * C:\Documents and Settings\user\桌面\u36\o6opnro.bat 動作: 已重新命名

    Worm.Win32.AutoRun.eqn (病毒)

        * C:\Documents and Settings\user\桌面\u36\okhr.exe 動作: 已重新命名

    Worm.Win32.AutoRun.mhv (病毒)

        * C:\Documents and Settings\user\桌面\u36\pamn.exe 動作: 已重新命名

    Trojan-GameThief.Win32.Magania.aadk (病毒)

        * C:\Documents and Settings\user\桌面\u36\s9l.exe 動作: 已重新命名

    Worm.Win32.AutoRun.myb (病毒)

        * C:\Documents and Settings\user\桌面\u36\tj8odymw.exe 動作: 已重新命名

    Trojan-PSW.Win32.OnLineGames.rpw (病毒)

        * C:\Documents and Settings\user\桌面\u36\u.exe 動作: 已重新命名

    Trojan-PSW.Win32.OnLineGames.abtx (病毒)

        * C:\Documents and Settings\user\桌面\u36\v2h3.exe 動作: 已重新命名

    Trojan.Win32.Vaklik.bod (病毒)

        * C:\Documents and Settings\user\桌面\u36\w.cmd 動作: 已重新命名

    Worm.Win32.AutoRun.cjo (病毒)

        * C:\Documents and Settings\user\桌面\u36\w0owgn.bat 動作: 已重新命名

    Trojan-GameThief.Win32.OnLineGames.tgec (病毒)

        * C:\Documents and Settings\user\桌面\u36\x.cmd 動作: 已重新命名

    Trojan-PSW.Win32.Magania.ulw (病毒)

        * C:\Documents and Settings\user\桌面\u36\ynfs9ks.cmd 動作: 已重新命名

    統計資料
    已掃描:

        * 檔案: 35
        * 未掃描: 0

    結果:

        * 病毒: 33
        * 間諜軟體: 0
        * 可疑項目: 0
        * 危險軟體: 0

    動作:

        * 已殺毒: 0
        * 已重新命名: 33
        * 已刪除: 0
        * 已隔離: 0
        * 失敗: 0

    開機磁區:

        * 已掃描: 0
        * 已感染: 0
        * 可疑項目: 0
        * 已殺毒: 0

    選項
    定義版本:

        * 病毒: 2008-09-18_01
        * 間諜軟體: 2008-09-18_01

    掃描引擎:

        * F-Secure AVP: 7.00.171, 2008-09-18
        * F-Secure Hydra: 2.08.8110, 2008-09-18

    掃描選項:

        * 掃描定義的檔案: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ANI AVB BAT CEO CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TGZ ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
        * 掃描內部封存檔案

    動作:

        * 病毒: 掃描後詢問
        * 間諜軟體: 掃描後詢問

  • Bug (2008-9-18 16:39:19)

  • sun88990 (2008-9-18 17:15:10)

    McAfee tested the kavo that deletes Kaspersky files..
    http://vil.nai.com/vil/content/v_150377.htm
  • fanks (2008-9-18 17:47:17)

    Jiangmin KV2008------------------------------Files: 35  Detected: 32
    AntiVirusKit2007 Plus Lite-------------Files: 35  Detected: 35


  • hklwk (2008-9-18 18:19:03)

    0 Scanning directories
         36 Files were scanned
         33 viruses and/or unwanted programs were found
          0 Files were classified as suspicious:
          1 files were deleted
          0 files were repaired
          1 files were moved to quarantine
          0 files were renamed
          0 Files cannot be scanned
          3 Files not concerned
          1 Archives were scanned
          0 Warnings
          1 Notes
  • Bug (2008-9-18 19:26:08)



    2008/9/18 -

    Certified Multiple Daily LiveUpdate
    Total Detections (Threats & Risks): 2135770

    QUOTE:

    Symantec Endpoint Protection 11
    Norton AntiVirus 2008 and newer
    Certified Daily LiveUpdate
    Total Detections (Threats & Risks): 2125574

    QUOTE:

    Symantec AntiVirus
    Norton AntiVirus 2006/2007
    Rapid Release Virus Definitions
    Total Detections (Threats & Risks): 2135877

    QUOTE:

    Rapid Release

    Rapid release virus definitions have undergone basic quality assurance testing by Symantec Security Response. The primary focus of these detection signatures is the rapid detection of newly emerging threats. While Symantec Security Response makes every effort to ensure that all virus definitions function correctly, you should understand that Rapid Release virus definitions may pose some risks such as a higher potential for false positives. Rapid release definitions are most useful for perimeter defenses or for all protection tiers as a means of mitigating fast-spreading virus outbreaks. These signatures are released once or twice per hour.

    Rapid Release Definitions can be obtained here: http://www.symantec.com/avcenter/rapidrelease.download.html
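    If I use the last version...
    it turns out definitions for the one that was missed were already released yesterday.
    Symantec's elaborate certification process for avoiding false positives really is meticulous = =
    With Kaspersky, the definitions aren't split into so many corresponding versions.

    [ This post was last edited by Bug on 2008-9-18 19:28 ]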
  • Bug (2008-9-18 20:03:27)

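    Just checked, and it has changed again already
    Rapid Release Virus Definitions
    Total Detections (Threats & Risks) : 2135984

    The definition counts for the other versions haven't changed...

    Looks like AVC didn't measure Symantec's real strength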
  • jm5513581 (2008-9-18 20:56:36)

    NOD32 3.0
    Virus database 3449
    Blocked it straight away, multiple threats found..
  • ian10233 (2008-9-18 23:06:18)

    Avast----------avast----------
    "Win32:Gamona [Trj]" has been found in "D:\u36.zip\0pqb6qnj.cmd" file.   
    "Win32:AuCrypt [Cryp]" has been found in "D:\u36.zip\0qx0sc6.bat" file.  
    "Win32:AuCrypt [Cryp]" has been found in "D:\u36.zip\0wk2.cmd" file.  
    "Win32:Monga [Trj]" has been found in "D:\u36.zip\2px8tdn.bat" file.  
    "Win32:Monga [Trj]" has been found in "D:\u36.zip\31n3b2h.exe" file.  
    "Win32:Monga [Trj]" has been found in "D:\u36.zip\39ysi89.com" file.  
    "Win32:AuCrypt [Cryp]" has been found in "D:\u36.zip\3g08.bat" file.  
    "Win32:Rootkit-gen [Rtk]" has been found in "D:\u36.zip\3jkka91.com" file.  
    "Win32:AuCrypt [Cryp]" has been found in "D:\u36.zip\6g3.com" file.  
    "Win32:Oliga [Trj]" has been found in "D:\u36.zip\6tkoyhx.cmd" file.  
    "Win32:OnLineGames-CVK [Trj]" has been found in "D:\u36.zip\cfv90h.com" file.  
    "Win32:Monga [Trj]" has been found in "D:\u36.zip\d3bn0j.exe" file.  
    "Win32:AuCrypt [Cryp]" has been found in "D:\u36.zip\ddyikr.cmd" file.  
    "Win32:Monga [Trj]" has been found in "D:\u36.zip\eb9ehyh.exe" file.  
    "Win32:Oliga [Trj]" has been found in "D:\u36.zip\f.bat" file.  
    "Win32:AuCrypt [Cryp]" has been found in "D:\u36.zip\h3hi1k3.exe" file.  
    "Win32:AuCrypt [Cryp]" has been found in "D:\u36.zip\j.cmd" file.  
    "Win32:Monga [Trj]" has been found in "D:\u36.zip\jg6w3yx.com" file.  
    "Win32:Monga [Trj]" has been found in "D:\u36.zip\k6wkwon2.exe" file.  
    "Win32:Oliga [Trj]" has been found in "D:\u36.zip\kdy.cmd" file.  
    "Win32:AutoRun-WB [Wrm]" has been found in "D:\u36.zip\kqsr.exe" file.  
    "Win32:Monga [Trj]" has been found in "D:\u36.zip\n6j6pc0.com" file.  
    "Win32:Oliga [Trj]" has been found in "D:\u36.zip\o6opnro.bat" file.  
    "Win32:Gamona [Trj]" has been found in "D:\u36.zip\okhr.exe" file.  
    "Win32:Monga [Trj]" has been found in "D:\u36.zip\pamn.exe" file.  
    "Win32:Monga [Trj]" has been found in "D:\u36.zip\s9l.exe" file.  
    "Win32:Rootkit-gen [Rtk]" has been found in "D:\u36.zip\tj8odymw.exe" file.  
    "Win32:OnLineGames-EPN [Trj]" has been found in "D:\u36.zip\u.exe" file.  
    "Win32:Rootkit-gen [Rtk]" has been found in "D:\u36.zip\uh31.exe" file.  
    "Win32:AuCrypt [Cryp]" has been found in "D:\u36.zip\v2h3.exe" file.  
    "Win32:Monga [Trj]" has been found in "D:\u36.zip\w.cmd" file.  
    "Win32:AutoRun-WC [Wrm]" has been found in "D:\u36.zip\w0owgn.bat" file.  
    "Win32:Rootkit-gen [Rtk]" has been found in "D:\u36.zip\x.cmd" file.  
    "Win32:Oliga [Trj]" has been found in "D:\u36.zip\ynfs9ks.cmd" file.  
    "Win32:Rootkit-gen [Rtk]" has been found in "D:\u36.zip\ypjq1.cmd" file.
  • w12345k (2008-9-19 03:36:42)

    BitDefender log file!!!!!
    產品:  : BitDefender Antivirus 2008
    版本 : BitDefender UI掃瞄器V.11
    記錄日期 : 03:36:04 19/09/2008
    記錄路徑 : C:\Documents and Settings\littlecho\Application Data\BitDefender\Desktop\Profiles\Logs\contextual\1221766564_1_01.xml

    掃描路徑路徑0000: C:\Documents and Settings\littlecho\桌面\u36.zip


    掃描選項掃瞄病毒 : 是
    掃瞄廣告軟體  : 是
    掃瞄間諜程式 : 是
    掃描應用程式 : 是
    掃描撥號工具 : 是
    掃描 Rootkits : 否


    掃描目標選項:掃描登錄碼 : 否
    掃描 Cookies : 否
    掃瞄開機磁區 : 否
    掃瞄記憶體的程式 : 否
    掃描資料封存(archive) : 是
    掃瞄執行階段壓縮器 : 是
    掃描電子郵件 : 是
    掃描所有的檔案 : 是
    啟發式掃瞄 : 是
    掃描副檔名 :  
    排除的副檔名 :  


    處理程序預設針對受感染物件所採取的動作 : 消毒
    預設針對懷疑物件所採取行動 : 無
    預設對隱藏物件所採取行動 : 無


    掃瞄引擎摘要病毒特徵碼數量 : 1765190
    資料封存(archive)插件 : 43
    郵件插件 : 6
    掃瞄插件 : 12
    資料封存(archive)插件 : 43
    系統插件 : 4
    解壓縮插件 : 7


    掃瞄總結掃描的項目 : 36
    受感染的項目 : 35
    可疑的項目 : 0
    解決項目 : 35
    找到個體病毒 : 14
    掃瞄目錄 : 0
    掃描開機磁區 : 0
    掃描資料封存(archive) : 1
    輸入- 輸出錯誤 : 0
    掃瞄時間 : 00:00:00:07
    檔案 每秒 : 5


    掃瞄程序總結已掃瞄 : 0
    受感染 : 0


    已掃瞄的登錄碼總結已掃瞄 : 0
    受感染 : 0


    已掃瞄的cookies總結已掃瞄 : 0
    受感染 : 0


    剩下的事件:物件名稱 威脅名稱: 最後狀態


    已解決的事件:物件名稱 威脅名稱: 最後狀態
    C:\Documents and Settings\littlecho\桌面\u36.zip=]0pqb6qnj.cmd Packer.Malware.NSAnti.1 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]0wk2.cmd Packer.Malware.NSAnti.1 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]2px8tdn.bat Packer.Malware.NSAnti.1 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]39ysi89.com Packer.Malware.NSAnti.1 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]3jkka91.com Packer.Malware.NSAnti.1 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]6g3.com Packer.Malware.NSAnti.1 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]cfv90h.com Packer.Malware.NSAnti.1 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]d3bn0j.exe Packer.Malware.NSAnti.1 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]ddyikr.cmd Packer.Malware.NSAnti.1 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]eb9ehyh.exe Packer.Malware.NSAnti.1 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]f.bat Packer.Malware.NSAnti.1 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]h3hi1k3.exe Packer.Malware.NSAnti.1 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]j.cmd Packer.Malware.NSAnti.1 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]k6wkwon2.exe Packer.Malware.NSAnti.1 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]kqsr.exe Packer.Malware.NSAnti.1 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]n6j6pc0.com Packer.Malware.NSAnti.1 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]okhr.exe Packer.Malware.NSAnti.1 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]pamn.exe Packer.Malware.NSAnti.1 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]s9l.exe Packer.Malware.NSAnti.1 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]tj8odymw.exe Packer.Malware.NSAnti.1 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]uh31.exe Packer.Malware.NSAnti.1 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]x.cmd Packer.Malware.NSAnti.1 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]3g08.bat Trojan.Agent.AGPI 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]v2h3.exe Trojan.Agent.AIFU 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]0qx0sc6.bat Trojan.Agent.AIKL 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]u.exe Trojan.Generic.513481 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]ypjq1.cmd Trojan.Onlinegames.ZQ 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]w0owgn.bat Trojan.PWS.OnlineGames.WME 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]kdy.cmd Trojan.PWS.OnlineGames.ZBG 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]ynfs9ks.cmd Trojan.PWS.OnlineGames.ZCO 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]6tkoyhx.cmd Trojan.PWS.OnlineGames.ZCS 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]o6opnro.bat Trojan.PWS.OnlineGames.ZCY 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]w.cmd Trojan.PWS.OnlineGames.ZFL 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]jg6w3yx.com Trojan.PWS.OnlineGames.ZQE 已刪除
    C:\Documents and Settings\littlecho\桌面\u36.zip=]31n3b2h.exe Trojan.PWS.OnlineGames.ZQU 已刪除


    沒有被掃描的物件:物件名稱 原因 最後狀態
  • vaio3388 (2008-9-19 12:18:40)

    KIS 8.0.0.454

    Malicious threats detected: 36
    Trojans: 27
    Viruses: 9

  • haol (2008-9-19 21:15:21)

    avg free8.0 found 35 threats