Author Topic: New malware found on-line: video-plugin.45158.exe  (Read 3434 times)

0 Members and 1 Guest are viewing this topic.

March 17, 2010, 06:14:03 pm
Read 3434 times

ohmniscient

  • Full Member

  • Offline
  • ***

  • 46
    • Report-IT Anti-Malware/Phishing Group
Well...
Take care if you wanna see the oscar...

hxxp://tubezz.org/oscar2010 asks you to update your active-x plugin, which redirects to
hxxp://thetubestores.com/xplays.php?id=45158 redirects to
hxxp://update-center.net/microsoft/get_update.php?sid=2 redirects to
hxxp://besttoolsonline.com/video-plugin.45158.exe - the fucking malware

detected by 13/42

a-squared   4.5.0.50   2010.03.17   -
AhnLab-V3   5.0.0.2   2010.03.17   Win-Trojan/Mdjob.98816
AntiVir   8.2.1.194   2010.03.17   -
Antiy-AVL   2.0.3.7   2010.03.17   -
Authentium   5.2.0.5   2010.03.17   W32/FraudPack.E!Generic
Avast   4.8.1351.0   2010.03.17   -
Avast5   5.0.332.0   2010.03.17   -
AVG   9.0.0.787   2010.03.17   -
BitDefender   7.2   2010.03.17   Trojan.Generic.KD.4269
CAT-QuickHeal   10.00   2010.03.17   -
ClamAV   0.96.0.0-git   2010.03.17   -
Comodo   4296   2010.03.17   -
DrWeb   5.0.1.12222   2010.03.17   Trojan.DownLoader1.2679
eSafe   7.0.17.0   2010.03.17   -
eTrust-Vet   35.2.7369   2010.03.17   Win32/FakeAlert.C!generic
F-Prot   4.5.1.85   2010.03.17   W32/FraudPack.E!Generic
F-Secure   9.0.15370.0   2010.03.17   Trojan-Downloader:W32/Renos.gen!C
Fortinet   4.0.14.0   2010.03.15   -
GData   19   2010.03.17   Trojan.Generic.KD.4269
Ikarus   T3.1.1.80.0   2010.03.17   -
Jiangmin   13.0.900   2010.03.17   -
K7AntiVirus   7.10.1000   2010.03.17   -
Kaspersky   7.0.0.125   2010.03.17   -
McAfee-GW-Edition   6.8.5   2010.03.17   -
Microsoft   1.5605   2010.03.17   -
NOD32   4952   2010.03.17   a variant of Win32/Kryptik.DCC
Norman   6.04.08   2010.03.17   -
nProtect   2009.1.8.0   2010.03.17   -
Panda   10.0.2.2   2010.03.17   -
PCTools   7.0.3.5   2010.03.17   -
Prevx   3.0   2010.03.17   Medium Risk Malware Dropper
Rising   22.39.02.04   2010.03.17   -
Sophos   4.51.0   2010.03.17   Mal/FakeAV-CO
Sunbelt   5936   2010.03.17   -
Symantec   20091.2.0.41   2010.03.17   Suspicious.Insight
TheHacker   6.5.2.0.236   2010.03.17   -
TrendMicro   9.120.0.1004   2010.03.17   TROJ_RENOS.SMPE
VBA32   3.12.12.2   2010.03.17   -
ViRobot   2010.3.17.2232   2010.03.17   -
VirusBuster   5.0.27.0   2010.03.16   -
Report-IT Anti-Malware/Phishing Group: http://report-it.webs.com

March 17, 2010, 06:59:41 pm
Reply #1

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
please enclose all malicious url in code tags (# button) or change http to hxxp.

visitors can click accidentally on these links and infect their machines.

thank you.
Ruining the bad guy's day