
Tuesday, 28 August 2007

"Vegas Casino World" trojan

This is yet another variant of the Storm worm which has been sending out bogus postcard notifications and the like for some time now. The email is completely bogus and is not related to any real organisation with the name "Vegas Casino World" or similar variants.

Subject: Could you give us a hand?

We could sure use your opinion of our new program Vegas Casino World

Your help will get us ready for our market release. For helping out, you
will receive a free edition and 5 years of updates.

Just download the program, Check it out, and let us know your opinion.
Ready to be a beta tester? Just follow the link to our easy download
center: http://aa.bb.cc.dd/setup.exe

This is fairly widely detected by AV scanners, apart from McAfee. VirusTotal reports the following detections:

File setup.exe received on 08.28.2007 16:33:57 (CET)
Antivirus          Version       Last Update Result
AhnLab-V3          2007.8.29.0   2007.08.28  -
AntiVir            7.4.1.63      2007.08.28  WORM/Zhelatin.Gen
Authentium         4.93.8        2007.08.28  Possibly a new variant of W32/Fathom.3-based!Maximus
Avast              4.7.1029.0    2007.08.27  Win32:Tibs-BFG
AVG                7.5.0.484     2007.08.27  Downloader.Tibs.7.X
BitDefender        7.2           2007.08.28  DeepScan:Generic.Zlob.38F48A71
CAT-QuickHeal      9.00          2007.08.25  (Suspicious) - DNAScan
ClamAV             0.91.2        2007.08.28  Trojan.Small-3637
DrWeb              4.33          2007.08.28  Trojan.Packed.142
eSafe              7.0.15.0      2007.08.28  Win32.Zhelatin.hq
eTrust-Vet         31.1.5091     2007.08.28  Win32/Sintun.AE
Ewido              4.0           2007.08.28  Worm.Zhelatin.hq
FileAdvisor        1             2007.08.28  -
Fortinet           2.91.0.0      2007.08.28  W32/Tibs.GN@mm
F-Prot             4.3.2.48      2007.08.28  W32/Fathom.3-based!Maximus
F-Secure           6.70.13030.0  2007.08.28  Email-Worm.Win32.Zhelatin.hs
Ikarus             T3.1.1.12     2007.08.28  Email-Worm.Win32.Zhelatin.hq
Kaspersky          4.0.2.24      2007.08.28  Email-Worm.Win32.Zhelatin.hs
McAfee             5106          2007.08.27  -
Microsoft          1.2803        2007.08.28  Trojan:Win32/Tibs.DV
NOD32v2            2488          2007.08.28  Win32/Nuwar.Gen
Norman             5.80.02       2007.08.28  W32/Tibs.ASFB
Panda              9.0.0.4       2007.08.28  -
Prevx1             V2            2007.08.28  -
Rising             19.38.12.00   2007.08.28  -
Sophos             4.21.0        2007.08.28  Mal/Dorf-E
Sunbelt            2.2.907.0     2007.08.25  VIPRE.Suspicious
Symantec           10            2007.08.28  Trojan.Packed.13
TheHacker          6.1.9.175     2007.08.28  W32/Zhelatin.genw
VBA32              3.12.2.3      2007.08.28  -
VirusBuster        4.3.26:9      2007.08.27  Trojan.Tibs.Gen!Pac.132
Webwasher-Gateway  6.0.1         2007.08.28  Worm.Zhelatin.Gen

Additional information
File size: 140367 bytes
MD5: 1ef03f4830c530799c57d67e1ccadc59
SHA1: 7d4677db2b158ba0296d112a696fecf2880167bd
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
