Last Updated: 2006-01-01 17:20:05 UTC
by Swa Frantzen (Version: 1)
We sent in a similar sample today.
The results are not all that good:
Scanner      Version          Date         Result
eTrust-Vet   220.127.116.11   01.01.2006   Win32/Worfo
McAfee       4664             01.01.2006   Exploit-WMF
Symantec     8.0              01.01.2006   Backdoor.Trojan
All the others failed to detect the sample.
Do note that the Symantec detection is most likely on the payload. That payload isn't what any of the bad guys playing with this will insert. They will insert far nastier and far less off-the-shelf stuff than what we did.
So for now you still have the best chance by following the advice in this diary entry.