SANS ISC InfoSec Handlers Diary Blog

new Haxdoor

Published: 2006-07-25
Last Updated: 2006-07-25 16:22:24 UTC
by donald smith (Version: 2)
UPDATE: These are also being sent out spoofed from customercare@bestbuy.com and customercare@amazon.com.

We received several notifications of an email being spoofed from ecost. It is being used to "socially engineer" or trick people into installing a new version of Haxdoor.

This virus was largely undetected by most of the commercial antivirus vendors yesterday. We have submitted samples to most of the commercial antivirus vendors.
They are responding rapidly and in many cases they are able to detect it now.

Antivirus           Version         Update      Result
AntiVir             6.35.0.24       07.23.2006  no virus found
Authentium          4.93.8          07.21.2006  no virus found
Avast               4.7.844.0       07.23.2006  no virus found
AVG                 386             07.21.2006  no virus found
BitDefender         7.2             07.22.2006  BehavesLike:Trojan.WinlogonHook
CAT-QuickHeal       8.00            07.22.2006  (Suspicious) - DNAScan
ClamAV              devel-20060426  07.21.2006  no virus found
DrWeb               4.33            07.23.2006  no virus found
eTrust-InoculateIT  23.72.76        07.23.2006  no virus found
eTrust-Vet          12.6.2305       07.21.2006  Win32/Haxdoor!generic
Ewido               4.0             07.23.2006  no virus found
Fortinet            2.77.0.0        07.23.2006  suspicious
F-Prot              3.16f           07.21.2006  no virus found
F-Prot4             4.2.1.29        07.21.2006  no virus found
Ikarus              0.2.65.0        07.23.2006  no virus found
Kaspersky           4.0.2.24        07.24.2006  no virus found
McAfee              4812            07.21.2006  no virus found
Microsoft           1.1508          07.24.2006  no virus found
NOD32v2             1.1675          07.23.2006  no virus found
Norman              5.90.23         07.21.2006  no virus found
Panda               9.0.0.4         07.23.2006  Suspicious file
Sophos              4.07.0          07.23.2006  no virus found
Symantec            8.0             07.24.2006  no virus found
TheHacker           5.9.8.180       07.24.2006  no virus found
UNA                 1.83            07.21.2006  no virus found
VBA32               3.11.0          07.24.2006  no virus found
VirusBuster         4.3.7:9         07.23.2006  Trojan.DR.Haxdoor.Gen.4

---- Text from original message -----
Dear Sir/Madam,

Thank you for shopping with our internet shop. Your order, WC2905036, has been received. Summary of your order you can see in the attachment file.

This email is to confirm the receipt of your order. Please do not reply as this email was sent from our automated confirmation system.

Please Note: There is no need to re-send your request or call our
customer service department for status or tracking number, this will
only delay our response time to you. Rest assured, we are making every
effort to process and ship your order within 1 to 2 business days. We
appreciate your understanding and patience and do value your business. 

Once your order has been processed and shipped a FEDEX Tracking number
will be automatically emailed to the address provided.

Please Note: Tracking information will be available in FedEx's system
only after 10pm EST Monday thru Friday. If you receive a tracking
number on Sunday, you will be able to track it Monday evening after
10pm EST.
All orders placed including 1-2 or 2-3 business day options are
shipped within 48 hours providing the merchandise is in stock.

All FedEx Ground orders will take 7-10 business days to arrive.
Some packages may require a signature upon delivery. These packages
will not be left without a signature. For your convenience, we will
email you a FedEx tracking number on all successfully processed and
shipped orders.
All Plasma TVs, DVD players, Scanners, Fax Machines, Receivers, Home
Theater, and Printers are not returnable after box is opened.

To insure the best handling of your order please allow 24-48 business
hours for the processing and the shipping of your order. Thank you for
your cooperation.

We hope you enjoy your order!  Thank you for shopping with us!
----- End text from message -----
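
Since signature coverage lagged on the first day, a mail gateway can triage on the indicators given in this diary instead: the spoofed sender addresses, the lure wording, and the presence of an attachment. The following is an added example, not part of the original diary; the `triage` and `build_sample` names, the match on an "ecost" domain label, and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Sender addresses named in the diary.
SPOOFED_SENDERS = {"customercare@bestbuy.com", "customercare@amazon.com"}
# The diary gives no full ecost address, so match the domain label (assumption).
SPOOFED_DOMAIN_LABELS = {"ecost"}
# Phrases copied from the lure text quoted in the diary.
LURE_PHRASES = (
    "summary of your order you can see in the attachment file",
    "thank you for shopping with our internet shop",
)

def triage(raw: str) -> dict:
    """Return which diary indicators a raw RFC 5322 message matches."""
    msg = message_from_string(raw, policy=policy.default)
    addr = parseaddr(str(msg.get("From", "")))[1].lower()
    labels = set(addr.rpartition("@")[2].split("."))
    part = msg.get_body(preferencelist=("plain",))
    # Collapse whitespace so wrapped lines still match the phrases.
    body = " ".join(part.get_content().lower().split()) if part else ""
    hits = {
        "sender": addr in SPOOFED_SENDERS or bool(labels & SPOOFED_DOMAIN_LABELS),
        "lure_text": any(p in body for p in LURE_PHRASES),
        "attachment": any(True for _ in msg.iter_attachments()),
    }
    # An attachment alone is normal mail; require one more indicator with it.
    hits["quarantine"] = hits["attachment"] and (hits["sender"] or hits["lure_text"])
    return hits

def build_sample(sender: str, body: str, attach: bool) -> str:
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", "Order confirmation"
    m.set_content(body)
    if attach:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename="order.bin")
    return m.as_string()

LURE = ("Thank you for shopping with our internet shop. Your order has been "
        "received. Summary of your order you can see in the attachment file.")
SAMPLES = {
    "spoofed_lure": build_sample("eCost <orders@ecost.example>", LURE, True),
    "unknown_sender_lure": build_sample("shop@example.net", LURE, True),
    "plain_notice": build_sample("customercare@amazon.com", "Your package shipped.", False),
}
```

The rule quarantines only when an attachment coincides with a spoofed sender or the lure wording, so attachment-free mail from the real addresses still passes.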

