Botnet with reference to SANS
In a lot of the malware that comes across ISC, the author leave in some kind of signature or message. This week, we have received report of a botnet malware with reference to SANS (hidden in the code), the message is similar to the following,
You better f##k off SANS.org especially that Johannes Ullrich (jullrich@XXX, XXX-XXX-XXXX) and Kevin Hong (khong@XXX.kr, +XX-X-XX-XXX). I really don't have anything against you, just p##s off alright?
The author of the malware also registered 'sans-security.org' (now defunct)
The binary is a Vanbot variant. At the time of writing, Virustotal has the following to say about the malware.
You better f##k off SANS.org especially that Johannes Ullrich (jullrich@XXX, XXX-XXX-XXXX) and Kevin Hong (khong@XXX.kr, +XX-X-XX-XXX). I really don't have anything against you, just p##s off alright?
The author of the malware also registered 'sans-security.org' (now defunct)
The binary is a Vanbot variant. At the time of writing, Virustotal has the following to say about the malware.
Antivirus | Version | Update | Result |
AntiVir | 7.3.1.38 | 02.22.2007 | BDS/VanBot.AY.6 |
Authentium | 4.93.8 | 02.23.2007 | W32/Trojan.YAZ |
Avast | 4.7.936.0 | 02.22.2007 | no virus found |
AVG | 386 | 02.23.2007 | BackDoor.Generic5.CLH |
BitDefender | 7.2 | 02.23.2007 | no virus found |
CAT-QuickHeal | 9.00 | 02.22.2007 | Backdoor.VanBot.ay |
ClamAV | devel-20060426 | 02.22.2007 | no virus found |
DrWeb | 4.33 | 02.23.2007 | BackDoor.IRC.Sdbot.1125 |
eSafe | 7.0.14.0 | 02.23.2007 | Win32.VanBot.ay |
eTrust-Vet | 30.4.3423 | 02.23.2007 | Win32/Nirbot.K |
Ewido | 4.0 | 02.22.2007 | Backdoor.IRCBot.aab |
FileAdvisor | 1 | 02.23.2007 | no virus found |
Fortinet | 2.85.0.0 | 02.23.2007 | W32/SDBot.H!worm |
F-Prot | 4.3.1.45 | 02.22.2007 | W32/Trojan.YAZ |
F-Secure | 6.70.13030.0 | 02.23.2007 | Backdoor.Win32.VanBot.ay |
Ikarus | T3.1.0.31 | 02.22.2007 | Backdoor.Win32.VanBot.ay |
Kaspersky | 4.0.2.24 | 02.23.2007 | Backdoor.Win32.VanBot.ay |
McAfee | 4969 | 02.22.2007 | W32/Sdbot.worm.gen.h |
Microsoft | 1.2204 | 02.23.2007 | no virus found |
NOD32v2 | 2076 | 02.22.2007 | Win32/Vanbot.AY |
Norman | 5.80.02 | 02.22.2007 | no virus found |
Panda | 9.0.0.4 | 02.23.2007 | W32/Sdbot.JWH.worm |
Prevx1 | V2 | 02.23.2007 | Malware.Trojan.Backdoor.Gen |
Sophos | 4.14.0 | 02.21.2007 | no virus found |
Sunbelt | 2.2.907.0 | 02.22.2007 | no virus found |
Symantec | 10 | 02.23.2007 | W32.Rinbot.B |
TheHacker | 6.1.6.062 | 02.21.2007 | no virus found |
UNA | 1.83 | 02.22.2007 | Backdoor.VanBot.E9CE |
VBA32 | 3.11.2 | 02.22.2007 | Backdoor.Win32.VanBot.ay |
VirusBuster | 4.3.19:9 | 02.22.2007 | no virus found |
Keywords:
0 comment(s)
My next class:
Cloud Security for Leaders | Washington | Dec 13th - Dec 17th 2024 |
×
Diary Archives
Comments