Website with Malware

Published: 2006-10-14
Last Updated: 2006-10-14 12:54:24 UTC
by Koon Yaw Tan (Version: 1)
Our reader, Micheal, has notified us of a website that could cause users to download malware.

http:// c n n w a r n e w s . c o m/

A lookup of the domain shows that it is newly registered (registration date is 12 Oct 06).

The website loads a normal webpage from an Australian news website (using a frame). However, it also attempts to open malware from another site.

http:// z a g e v q s o i i .b i z /dl/l o a d a d v 4 3 3 . e x e

VirusTotal shows the result of this malware:

Antivirus           Version         Update      Result
AntiVir                             10.13.2006  TR/Dldr.Small.dib.6
Authentium          4.93.8          10.13.2006  Possibly a new variant of W32/Downloader-Sml-based!Maximus
Avast               4.7.892.0       10.13.2006  Win32:Small-BSO
AVG                 386             10.13.2006  Downloader.Harnig.AM
BitDefender         7.2             10.14.2006  DeepScan:Generic.Malware.dld!!g.07E540DB
CAT-QuickHeal       8.00            10.14.2006  no virus found
ClamAV              devel-20060426  10.13.2006  Trojan.Downloader.Small-2840
eTrust-InoculateIT  23.73.22        10.13.2006  Win32/SillyDL!Trojan
eTrust-Vet          30.3.3131       10.13.2006  Win32/Harnig!generic
DrWeb               4.33            10.14.2006  Trojan.DownLoader.13549
Ewido               4.0             10.13.2006  no virus found
Fortinet                            10.14.2006  W32/Dowadv.CU!tr.dldr
F-Prot              3.16f           10.13.2006  Possibly a new variant of W32/Downloader-Sml-based!Maximus
F-Prot4                             10.13.2006  W32/Downloader-Sml-based!Maximus
Ikarus                              10.13.2006  no virus found
Kaspersky                           10.14.2006
McAfee              4873            10.13.2006  no virus found
Microsoft           1.1603          10.14.2006  TrojanDownloader:Win32/Vxidl
NOD32v2             1.1803          10.13.2006  a variant of Win32/TrojanDownloader.Small.DIB
Norman              5.80.02         10.13.2006  W32/DLoader.gen2
Panda                               10.14.2006  Suspicious file
Sophos              4.10.0          10.13.2006  no virus found
TheHacker                           10.14.2006  Trojan/Downloader.Tibs.gen
UNA                 1.83            10.13.2006  no virus found
VBA32               3.11.1          10.13.2006  suspected of Downloader.Small.3 (paranoid heuristics)
VirusBuster         4.3.7:9         10.13.2006  Trojan.DL.Harnig.Gen.3

This just shows that a seemingly harmless website may not be that harmless at all. You should be extremely vigilant when visiting unfamiliar websites. If in doubt, it is always good to tighten your browser configuration (e.g. disable Java/JavaScript/ActiveX) before making any attempt to visit the site. This is of course assuming you have the usual security measures in place (latest patches, virus definitions, etc.).
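
One way to inspect a page without rendering it in a browser, as an added example that is not part of the original diary: the Python code below parses saved HTML as text and flags the pattern described above, content framed from another site combined with a reference to an executable on a different host. The sample markup, the placeholder hostnames, the extension list and the function names are constructed for illustration; the diary does not say which HTML element the site used to open the file.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption of this example: path suffixes treated as executable downloads.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif")

class PageTriage(HTMLParser):
    """Collect off-site frames and off-site executable references from static HTML."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.offsite_frames = []
        self.offsite_executables = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in ("src", "href", "data") or not value:
                continue
            url = urljoin(self.page_url, value.strip())
            parsed = urlparse(url)
            if parsed.hostname in (None, self.page_host):
                continue  # same-site or non-network URL (javascript:, mailto:)
            if parsed.path.lower().endswith(EXECUTABLE_EXTS):
                self.offsite_executables.append((tag, url))
            elif tag in ("frame", "iframe"):
                self.offsite_frames.append(url)

def triage(page_url, html):
    """Parse HTML as text only (nothing is fetched or rendered) and summarise it."""
    parser = PageTriage(page_url)
    parser.feed(html)
    parser.close()
    return {
        "offsite_frames": parser.offsite_frames,
        "offsite_executables": parser.offsite_executables,
        # Pattern from the diary: borrowed framed content plus a third-party binary.
        "suspicious": bool(parser.offsite_frames and parser.offsite_executables),
    }

# Constructed sample: placeholder hostnames; the second <frame> is an assumption.
SAMPLE_URL = "http://landing.example/"
SAMPLE_HTML = """<html><frameset rows="100%,0">
  <frame src="http://news.example.org/index.html">
  <frame src="http://files.example.net/dl/sample.exe">
</frameset></html>"""

if __name__ == "__main__":
    print(triage(SAMPLE_URL, SAMPLE_HTML))
```

A page that only embeds off-site frames, or only links to executables on its own host, is not flagged by this check.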
