This is yet another variant of the Storm worm, which has been sending out bogus postcard notifications and the like for some time now. The email is entirely fake and is not related to any real organisation named "Vegas Casino World" or similar variants.
Subject: Could you give us a hand?
We could sure use your opinion of our new program Vegas Casino World
Your help will get us ready for our market release. For helping out, you
will receive a free edition and 5 years of updates.
Just download the program, Check it out, and let us know your opinion.
Ready to be a beta tester? Just follow the link to our easy download
center: http://aa.bb.cc.dd/setup.exe
This is fairly widely detected by AV scanners, apart from McAfee.
VirusTotal detects it as the following:
File setup.exe received on 08.28.2007 16:33:57 (CET)
Antivirus | Version | Last Update | Result |
AhnLab-V3 | 2007.8.29.0 | 2007.08.28 | - |
AntiVir | 7.4.1.63 | 2007.08.28 | WORM/Zhelatin.Gen |
Authentium | 4.93.8 | 2007.08.28 | Possibly a new variant of W32/Fathom.3-based!Maximus |
Avast | 4.7.1029.0 | 2007.08.27 | Win32:Tibs-BFG |
AVG | 7.5.0.484 | 2007.08.27 | Downloader.Tibs.7.X |
BitDefender | 7.2 | 2007.08.28 | DeepScan:Generic.Zlob.38F48A71 |
CAT-QuickHeal | 9.00 | 2007.08.25 | (Suspicious) - DNAScan |
ClamAV | 0.91.2 | 2007.08.28 | Trojan.Small-3637 |
DrWeb | 4.33 | 2007.08.28 | Trojan.Packed.142 |
eSafe | 7.0.15.0 | 2007.08.28 | Win32.Zhelatin.hq |
eTrust-Vet | 31.1.5091 | 2007.08.28 | Win32/Sintun.AE |
Ewido | 4.0 | 2007.08.28 | Worm.Zhelatin.hq |
FileAdvisor | 1 | 2007.08.28 | - |
Fortinet | 2.91.0.0 | 2007.08.28 | W32/Tibs.GN@mm |
F-Prot | 4.3.2.48 | 2007.08.28 | W32/Fathom.3-based!Maximus |
F-Secure | 6.70.13030.0 | 2007.08.28 | Email-Worm.Win32.Zhelatin.hs |
Ikarus | T3.1.1.12 | 2007.08.28 | Email-Worm.Win32.Zhelatin.hq |
Kaspersky | 4.0.2.24 | 2007.08.28 | Email-Worm.Win32.Zhelatin.hs |
McAfee | 5106 | 2007.08.27 | - |
Microsoft | 1.2803 | 2007.08.28 | Trojan:Win32/Tibs.DV |
NOD32v2 | 2488 | 2007.08.28 | Win32/Nuwar.Gen |
Norman | 5.80.02 | 2007.08.28 | W32/Tibs.ASFB |
Panda | 9.0.0.4 | 2007.08.28 | - |
Prevx1 | V2 | 2007.08.28 | - |
Rising | 19.38.12.00 | 2007.08.28 | - |
Sophos | 4.21.0 | 2007.08.28 | Mal/Dorf-E |
Sunbelt | 2.2.907.0 | 2007.08.25 | VIPRE.Suspicious |
Symantec | 10 | 2007.08.28 | Trojan.Packed.13 |
TheHacker | 6.1.9.175 | 2007.08.28 | W32/Zhelatin.genw |
VBA32 | 3.12.2.3 | 2007.08.28 | - |
VirusBuster | 4.3.26:9 | 2007.08.27 | Trojan.Tibs.Gen!Pac.132 |
Webwasher-Gateway | 6.0.1 | 2007.08.28 | Worm.Zhelatin.Gen |
Additional information
File size: 140367 bytes
MD5: 1ef03f4830c530799c57d67e1ccadc59
SHA1: 7d4677db2b158ba0296d112a696fecf2880167bd
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.