Our reader, Micheal, has notified us of a website that could cause users to download malware.
http:// c n n w a r n e w s . c o m/

A lookup of the domain shows that it is newly registered (registration date: 12 Oct 06). The website loads a normal webpage from an Australian news website (using a frame). However, it also attempts to open a malware file from another site:

http:// z a g e v q s o i i .b i z /dl/l o a d a d v 4 3 3 . e x e

VirusTotal shows the following result for this malware:

| Antivirus | Version | Update | Result |
|---|---|---|---|
| AntiVir | 7.2.0.30 | 10.13.2006 | TR/Dldr.Small.dib.6 |
| Authentium | 4.93.8 | 10.13.2006 | Possibly a new variant of W32/Downloader-Sml-based!Maximus |
| Avast | 4.7.892.0 | 10.13.2006 | Win32:Small-BSO |
| AVG | 386 | 10.13.2006 | Downloader.Harnig.AM |
| BitDefender | 7.2 | 10.14.2006 | DeepScan:Generic.Malware.dld!!g.07E540DB |
| CAT-QuickHeal | 8.00 | 10.14.2006 | no virus found |
| ClamAV | devel-20060426 | 10.13.2006 | Trojan.Downloader.Small-2840 |
| eTrust-InoculateIT | 23.73.22 | 10.13.2006 | Win32/SillyDL!Trojan |
| eTrust-Vet | 30.3.3131 | 10.13.2006 | Win32/Harnig!generic |
| DrWeb | 4.33 | 10.14.2006 | Trojan.DownLoader.13549 |
| Ewido | 4.0 | 10.13.2006 | no virus found |
| Fortinet | 2.82.0.0 | 10.14.2006 | W32/Dowadv.CU!tr.dldr |
| F-Prot | 3.16f | 10.13.2006 | Possibly a new variant of W32/Downloader-Sml-based!Maximus |
| F-Prot4 | 4.2.1.29 | 10.13.2006 | W32/Downloader-Sml-based!Maximus |
| Ikarus | 0.2.65.0 | 10.13.2006 | no virus found |
| Kaspersky | 4.0.2.24 | 10.14.2006 | Trojan-Downloader.Win32.Harnig.cu |
| McAfee | 4873 | 10.13.2006 | no virus found |
| Microsoft | 1.1603 | 10.14.2006 | TrojanDownloader:Win32/Vxidl |
| NOD32v2 | 1.1803 | 10.13.2006 | a variant of Win32/TrojanDownloader.Small.DIB |
| Norman | 5.80.02 | 10.13.2006 | W32/DLoader.gen2 |
| Panda | 9.0.0.4 | 10.14.2006 | Suspicious file |
| Sophos | 4.10.0 | 10.13.2006 | no virus found |
| TheHacker | 6.0.1.098 | 10.14.2006 | Trojan/Downloader.Tibs.gen |
| UNA | 1.83 | 10.13.2006 | no virus found |
| VBA32 | 3.11.1 | 10.13.2006 | suspected of Downloader.Small.3 (paranoid heuristics) |
| VirusBuster | 4.3.7:9 | 10.13.2006 | Trojan.DL.Harnig.Gen.3 |

It just shows that a seemingly harmless website may not be that harmless at all. You should be extremely vigilant when visiting unfamiliar websites.
If in doubt, it is always good to tighten your browser configuration (e.g. disable Java/JavaScript/ActiveX) before making any attempt to visit the site. This of course assumes you have the usual security measures in place (latest patches, virus definitions, etc.).
Koon Yaw, Oct 14th 2006
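
The pattern described in this diary (a page that frames a legitimate third-party site while also referencing an executable hosted elsewhere) can be checked for in fetched HTML. The following is an added example, not part of the original diary; the extension list, the attributes inspected, and the sample markup and hostnames are assumptions constructed for illustration.

```python
# Added example: flag a page that frames a third-party site AND references an
# executable on a different host. All hostnames and markup here are constructed.
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

EXEC_EXT = (".exe", ".scr", ".pif")              # assumed list of risky extensions
URL_ATTRS = ("src", "href", "data", "content")   # attributes that may carry a URL

class FrameDropperScan(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.framed_hosts, self.exec_urls = set(), set()

    def _inspect(self, raw):
        # A meta refresh value looks like "0; url=http://..."; keep only the URL.
        raw = re.sub(r"(?i)^\s*\d+\s*;\s*url\s*=\s*", "", raw).strip("'\" ")
        try:
            url = urljoin(self.page_url, raw)
            parts = urlparse(url)
            host = parts.hostname
        except ValueError:                       # malformed URL, nothing to judge
            return None
        if host and host != self.page_host and parts.path.lower().endswith(EXEC_EXT):
            self.exec_urls.add(url)
        return host

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            host = self._inspect(value)
            if tag in ("frame", "iframe") and name == "src" \
                    and host and host != self.page_host:
                self.framed_hosts.add(host)

def scan(page_url, html):
    s = FrameDropperScan(page_url)
    s.feed(html)
    s.close()
    return {"framed_hosts": sorted(s.framed_hosts),
            "exec_urls": sorted(s.exec_urls),
            "suspicious": bool(s.framed_hosts and s.exec_urls)}

# Constructed sample: full-size frame of a news site plus a hidden executable load.
SAMPLE = """<html><body>
<iframe src="http://news.example.org/world/" width="100%" height="100%"></iframe>
<iframe src="http://files.example.net/dl/setup.exe" width="0" height="0"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(scan("http://lookalike.example.com/", SAMPLE))
```

A hit from this check is a triage signal only; combining it with the domain registration age mentioned above helps separate lookalike sites from ordinary pages that embed third-party content.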