Malware

Trojan.Randsom.A

Has anyone come across a sample of Trojan.Randsom.A ( http://www.symantec.com/avcenter/venc/data/trojan.randsom.a.html )? I have been looking for a copy and have been unsuccessful in my search.

Thanks for your help.

-n

Seeking Netsky.a (or variants) full source code for serious research

I've been running into many proverbial brick walls trying to track this down and I know it's public. I believe I used to have it, but figuring out which hard drive it "might" have been on is a daunting task, especially at the moment. I can only hook 2 HDs up to one PC at a time (of 2 PCs total at the moment), so it is a bit of a pain. I am not in the business of spreading viruses and not some script kiddie. I am 34 yrs old, not 14, okay. ;) I have read papers and descriptions on the pest and some of its variants. Some info was useful depending on technical level and depth of study, but this is no substitute for the actual original source code or any variant's sources that may be public. A true understanding would only be best grasped by source code, not a general idea of the routes and methods of infection, and I seek a whole understanding and collect source codes. Please do not suggest a document on the subject (pdf, ppt, word doc or other); I probably have it already or could find it easily, but thanks. If someone has it I would appreciate a link or upload of attachment here, or if for some reason, though doubtful, you are more inclined to want to use email, then mine is:

SymbOS Comwarrior worm

Thanks very much to scarlett pimpernell

CHECKSUMS
-----------------------------------------------
MD5SUM: de57a980017ae21b1a75a2e00c77535e
SHA1SUM: f42490d586a667a298989e007942743c91acf353
SHA256SUM: 1efd49473012ad3c1c849cd58b13132bedf3cb307bbcb52a3499d5584a44e456
-----------------------------------------------

-----------------------------------------------
Kaspersky: Worm.SymbOS.Comwar.c
ClamAV: SymbOS.Worm.ComWar.C

SymbOS.Commwarrior.C is a worm that replicates on Series 60 phones. It attempts to spread using Bluetooth, Multimedia Messaging Service (MMS), and Multimedia Cards (MMC) as a randomly named .sis file. It has been reported that one of the possible file names is SymCommander_1_06.sis.

Trojan.IRCBot-93

I picked this one up from an email I received. It had a URL to a site hosting the .exe (postcard.jpg.exe) and I got a chance to download the malware.
--
Clamav: Trojan.IRCBot-93
Kaspersky (online):

  • postcard.jpg.exe/data.rar/script.ini - infected by Backdoor.IRC.Zapchast
  • postcard.jpg.exe/data.rar/svchost.exe - infected by Virus.Win32.Parite.b
  • postcard.jpg.exe/data.rar/sup.reg - infected by Backdoor.IRC.Zapchast

MD5 c28241011e094ae2435988006ec108db
SHA-1 a75babdb303cf5160bcd068ae6c711bd5b5f565e

Note: It's quite interesting to see that Kaspersky extracts other files in the *.exe.

Win32.Polipos

Anyone have any samples of this please?

/frog

Create Your Own Virus Kit!

Offensive Computing proudly presents the create-your-own-virus webpage. We've noticed that the quality of viruses being created has gone down considerably. Who can blame the VX writers? Writing code is hard, especially after being awake for 16 days straight. To help you gain street cred, use the Offensive Computing Virus Builder 9000.

1337 vX n4m3:

Exploit Method:

Covertness:

Worm.P2P.Capside.C

ClamAV 0.88/1333/Wed Mar 15 06:57:53 2006: Worm.P2P.Capside.C
Kaspersky: P2P-Worm.Win32.Capside.d

MD5: 3ca444c74d4f7c32315cb3cc439e6a6b
SHA1: 50ced47778e9083f727f01902da13fe5733ed8fd

-aaw,kl

Bagle.AE

MD5: a867d1287d7c51846ec65c855413e2a2
SHA1: 6604c6fa897139e2c4647cc342a683d72846dbeb

Antivirus Version Update Result
AntiVir 6.34.0.53 03.16.2006 Worm/Bagle.gen
Avast 4.6.695.0 03.16.2006 Win32:Beagle-IH
AVG 718 03.16.2006 Win32/Sality
Avira 6.34.0.53 03.16.2006 Worm/Bagle.gen
BitDefender 7.2 03.16.2006 Win32.Bagle.FJ@mm
CAT-QuickHeal 8.00 03.14.2006 I-Worm.Bagle.ae
ClamAV devel-20060126 03.16.2006 Worm.Bagle.CT
DrWeb 4.33 03.16.2006 Win32.HLLM.Beagle.27136
eTrust-InoculateIT 23.71.103 03.16.2006 Win32/Bagle.DW!Worm
eTrust-Vet 12.4.2121 03.16.2006 Win32/Bagle.DW
Ewido 3.5 03.16.2006 no virus found

Mydoom.BB

MD5: f28a4c0f855afdf35d3d6fe541bbb881
SHA1: c47efe5311eb5e792064d068044197ef1f25850d

Antivirus Version Update Result
AntiVir 6.34.0.53 03.16.2006 Worm/Mydoom.BB
Avast 4.6.695.0 03.16.2006 Win32:Mydoom-AM
AVG 718 03.16.2006 I-Worm/Mydoom.AP
Avira 6.34.0.53 03.16.2006 Worm/Mydoom.BB
BitDefender 7.2 03.16.2006

Ganda.A

MD5: 6009b3fd7cc7fc126d6236069230fdaa
SHA1: 57e67715c7dac5e6c7419decd083a91a36613b18

Antivirus Version Update Result
AntiVir 6.34.0.53 03.15.2006 Worm/Ganda
Avast 4.6.695.0 03.14.2006 Win32:Ganda-B
AVG 718 03.15.2006 I-Worm/Ganda
Avira 6.34.0.53 03.15.2006 Worm/Ganda
BitDefender 7.2 03.15.2006 Win32.Ganda.A@mm
CAT-QuickHeal 8.00 03.14.2006 W32.Ganda.A
ClamAV devel-20060126 03.15.2006 Worm.Ganda-A
DrWeb 4.33 03.15.2006 Win32.Roger.45056
eTrust-InoculateIT 23.71.102 03.15.2006 Win32/Ganda.A!Worm
eTrust-Vet 12.4.2120 03.15.2006 Win32/Ganda.A
Ewido 3.5 03.15.2006 Worm.Ganda
Fortinet 2.71.0.0 03.15.2006 W32/Ganda.A-mm
F-Prot 3.16c 03.14.2006 W32/Ganda.A@mm
Ikarus 0.2.59.0 03.15.2006 Email-Worm.Win32.Ganda
Kaspersky 4.0.2.24 03.15.2006 Email-Worm.Win32.Ganda
McAfee 4719 03.15.2006 W32/Ganda@MM
NOD32v2 1.1444 03.15.2006 Win32/Ganda.A
Norman 5.70.10 03.15.2006 W32/Ganda.A@mm
Panda 9.0.0.4 03.15.2006 W32/Ganda.A
Sophos 4.03.0 03.15.2006 W32/Ganda-A
Symantec 8.0 03.15.2006 W32.Ganda.A@mm
TheHacker 5.9.5.113 03.15.2006 W32/Ganda@MM
UNA 1.83 03.15.2006 I-Worm.Ganda
VBA32 3.10.5 03.15.2006 Email-Worm.Win32.Ganda