Re: MSN Messanger Virus

["Bernardo Quintero" <bernardo () hispasec com>]

> Mira las fotos >>> http://hometown.aol.com.au/miralafoto/imagens001.exe
>
> I've run a couple of virus scanners on this file with none of them being
> able to figure out what it is.  Anyone have any clues?  Also, I'm having

http://www.virustotal.com

Scan results
File: imagens001.exe
Date: 12/13/2005 19:30:16 (CET)
----
AntiVir 6.33.0.61/20051213 found [TR/Dldr.Banload.ID.4]
Avast 4.6.695.0/20051213 found nothing
AVG 718/20051208 found nothing
Avira 6.33.0.61/20051213 found [TR/Dldr.Banload.ID.4]
BitDefender 7.2/20051213 found [GenPack:Trojan.Downloader.Banload.ID]
CAT-QuickHeal 8.00/20051213 found [TrojanDownloader.Banload.id]
ClamAV devel-20051108/20051212 found nothing
DrWeb  4.33/20051213 found [Trojan.DownLoader.5891]
eTrust-Iris 7.1.194.0/20051213 found nothing
eTrust-Vet 12.3.3.0/20051213 found nothing
Fortinet 2.54.0.0/20051212 found [W32/Banker.ID!dldr]
F-Prot 3.16c/20051212 found nothing
Ikarus 0.2.59.0/20051213 found nothing
Kaspersky 4.0.2.24/20051213 found [Trojan-Downloader.Win32.Banload.id]
McAfee 4649/20051213 found [PWS-Banker.dldr]
NOD32v2 1.1320/20051212 found [probably unknown NewHeur_PE virus]
Norman 5.70.10/20051213 found nothing
Panda 8.02.00/20051213 found [Trj/Nabload.R]
Sophos 4.00.0/20051213 found nothing
Symantec 8.0/20051213 found nothing
TheHacker 5.9.1.054/20051213 found nothing
VBA32 3.10.5/20051213 found [Trojan-Downloader.Win32.Banload.id]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/