Lisacst

SAS blog hacked?

:shock::evil:

That is definitely an active redirect to malware (fraudware). The blog/server has almost certainly been compromised.

I haven't downloaded the software as of yet but it is malware type so please folks do not download it :!:


Here's the trojan dropper that it tries to install on the redirect.

STATUS: FINISHED

Complete scanning result of "Install802.exe", received in VirusTotal at 06.23.2007, 21:01:20 (CET).

| Antivirus | Version | Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2007.6.21.1 | 06.22.2007 | Win-AppCare/Renos.28416.B |
| AntiVir | 7.4.0.34 | 06.22.2007 | TR/Renos.28416.113 |
| Authentium | 4.93.8 | 06.22.2007 | could be infected with an unknown virus |
| Avast | 4.7.997.0 | 06.23.2007 | no virus found |
| AVG | 7.5.0.476 | 06.23.2007 | Generic5.AFL |
| BitDefender | 7.2 | 06.23.2007 | no virus found |
| CAT-QuickHeal | 9.00 | 06.23.2007 | no virus found |
| ClamAV | devel-20070416 | 06.23.2007 | Trojan.Fakealert-50 |
| DrWeb | 4.33 | 06.23.2007 | Trojan.Fakealert |
| eSafe | 7.0.15.0 | 06.21.2007 | no virus found |
| eTrust-Vet | 30.8.3736 | 06.22.2007 | no virus found |
| Ewido | 4.0 | 06.23.2007 | Not-A-Virus.Hoax.Win32.Renos.he |
| FileAdvisor | 1 | 06.23.2007 | Not analyzed yet |
| Fortinet | 2.91.0.0 | 06.23.2007 | Misc/Renos |
| F-Prot | 4.3.2.48 | 06.22.2007 | no virus found |
| F-Secure | 6.70.13030.0 | 06.22.2007 | not-virus:Hoax.Win32.Renos.he |
| Ikarus | T3.1.1.8 | 06.23.2007 | not-a-virus:Hoax.Win32.Renos.hu |
| Kaspersky | 4.0.2.24 | 06.23.2007 | not-virus:Hoax.Win32.Renos.he |
| McAfee | 5059 | 06.22.2007 | no virus found |
| Microsoft | 1.2701 | 06.23.2007 | TrojanDownloader:Win32/Renos.gen!A |
| NOD32v2 | 2349 | 06.23.2007 | probably a variant of Win32/Adware.SpySheriff |
| Norman | 5.80.02 | 06.22.2007 | Spywad.gen1 |
| Panda | 9.0.0.4 | 06.23.2007 | Adware/SpySheriff |
| Prevx1 | V2 | 06.23.2007 | Downloader.Drev.A |
| Sophos | 4.19.0 | 06.22.2007 | no virus found |
| Sunbelt | 2.2.907.0 | 06.21.2007 | no virus found |
| Symantec | 10 | 06.23.2007 | no virus found |
| TheHacker | 6.1.6.137 | 06.22.2007 | no virus found |
| VBA32 | 3.12.0.2 | 06.23.2007 | no virus found |
| VirusBuster | 4.3.23:9 | 06.23.2007 | no virus found |
| Webwasher-Gateway | 6.0.1 | 06.22.2007 | Trojan.Renos.28416.113 |

Aditional Information

File size: 28416 bytes

MD5: 1723a95b67d0320fb018b120500289d4

SHA1: 3e7bbcc31b2582d2f795049f82b5de150e3add71

Would you send that to me?

It's already in your inbox for inspection as it bypassed SAS... also I put it up onto MIRT as 50% of VT databases also did not *know* this malware either.


I submitted this to Symantec yesterday and received a reply:

We have analyzed your submission. The following is a report of our findings for each file you have submitted:

filename: Install802.exe

machine: AVCAutomation:

result: See the developer notes

Developer notes:

Install802.exe Our automation was unable to identify any malicious content in this submission. The file will be stored for further human analysis

I used to love & swear by Symantec products starting way back when with Norton 5.0 for DOS & I even bought new copies of System Works every year with 2006 being the one I returned to the store, (yes, they took back open software!) & now I shun them.

Even NU is pretty much bloat/garbage ware.
