What game? Trojan.Downloader-13141

I am always suspicious when I see an oversell for an attachment:

… Play this game in your attachment, 100% satisfaction!


A scan with VirusScan 8.5.0i shows nothing. Running DAT 5106 … this is the latest on our mirror; McAfee has DAT 5108! Once again our DAT mirror lets us down 😦 Skipping our mirror and updating from NAI gives the same detection as shown below.

Still suspicious, I move along to ClamAV portable v0.91.2 and Gotcha!

Scan Started Thu Aug 30 10:22:08 2007
-------------------------------------------------------------------------------
C:\%path%\game.zip: Trojan.Downloader-13141 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 149596
Engine version: 0.91.2
Scanned directories: 0
Scanned files: 1
Skipped non-executable files: 0
Infected files: 1

Data scanned: 0.02 MB
Time: 4.547 sec (0 m 4 s)
--------------------------------------
Completed
--------------------------------------

Kaspersky online scan picks it up as Trojan-Downloader.Win32.Agent.cnh.

Fortinet detects an infection but doesn’t identify it.

CA (VET) finds Win32/Cutwail!generic.

And virustotal.com for a shotgun approach:


File game.zip received on 08.30.2007 03:02:00 (CET)
Result: 19/32 (59.38%)

Antivirus Version Last Update Result
AhnLab-V3 2007.8.29.0 2007.08.29 -
AntiVir 7.4.1.66 2007.08.29 Worm/Ntech.G
Authentium 4.93.8 2007.08.29 W32/Downldr2.AOUA
Avast 4.7.1029.0 2007.08.29 Win32:Agent-KKK
AVG 7.5.0.484 2007.08.29 Downloader.Generic6.ZE
BitDefender 7.2 2007.08.30 Trojan.Kobcka.C
CAT-QuickHeal 9.00 2007.08.25 -
ClamAV 0.91.2 2007.08.29 Trojan.Downloader-13141
DrWeb 4.33 2007.08.30 BackDoor.Bulknet.60
eSafe 7.0.15.0 2007.08.29 -
eTrust-Vet 31.1.5095 2007.08.30 Win32/Cutwail!generic
Ewido 4.0 2007.08.29 -
FileAdvisor 1 2007.08.30 -
Fortinet 3.11.0.0 2007.08.29 W32/Agent.CEO!tr.dldr
F-Prot 4.3.2.48 2007.08.29 W32/Downldr2.AOUA
F-Secure 6.70.13030.0 2007.08.30 Trojan-Downloader.Win32.Agent.cnh
Ikarus T3.1.1.12 2007.08.30 Win32.Outbreak
Kaspersky 4.0.2.24 2007.08.30 Trojan-Downloader.Win32.Agent.cnh
McAfee 5108 2007.08.29 Spy-Agent.bv.dldr
Microsoft 1.2803 2007.08.30 -
NOD32v2 2491 2007.08.30 a variant of Win32/TrojanDownloader.Agent.BRK
Norman 5.80.02 2007.08.29 -
Panda 9.0.0.4 2007.08.29 -
Prevx1 V2 2007.08.30 -
Rising 19.38.22.00 2007.08.29 -
Sophos 4.21.0 2007.08.29 Troj/Agent-GBX
Sunbelt 2.2.907.0 2007.08.25 -
Symantec 10 2007.08.30 Trojan.Pandex
TheHacker 6.1.9.175 2007.08.29 -
VBA32 3.12.2.3 2007.08.28 -
VirusBuster 4.3.26:9 2007.08.29 Trojan.DL.Agent.Gen.8
Webwasher-Gateway 6.0.1 2007.08.29 Worm.Ntech.G

Additional information
File size: 19535 bytes
MD5: ae40360f22fe752249725ae43857e7ce
SHA1: 1623939307fa72120ee08ef647a32aa0ee40a0c1
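
An added example, not part of the original post: a small Python parser for report rows in the layout shown above, which computes the detection ratio and lists engines that missed the file while running signatures older than a cutoff, the same situation as the out-of-date DAT mirror. The function names and the 2-day `max_age_days` cutoff are assumptions of this example; the sample rows are a subset copied from the table above.

```python
from datetime import date, datetime

# Subset of rows copied from the report above; "-" means no detection.
REPORT = """\
Antivirus Version Last Update Result
AntiVir 7.4.1.66 2007.08.29 Worm/Ntech.G
CAT-QuickHeal 9.00 2007.08.25 -
ClamAV 0.91.2 2007.08.29 Trojan.Downloader-13141
Kaspersky 4.0.2.24 2007.08.30 Trojan-Downloader.Win32.Agent.cnh
McAfee 5108 2007.08.29 Spy-Agent.bv.dldr
Microsoft 1.2803 2007.08.30 -
NOD32v2 2491 2007.08.30 a variant of Win32/TrojanDownloader.Agent.BRK
Sunbelt 2.2.907.0 2007.08.25 -
VBA32 3.12.2.3 2007.08.28 -
"""

def parse_rows(text):
    """Parse 'engine version YYYY.MM.DD result' lines; skip anything else."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 3)  # result may contain spaces
        if len(parts) != 4:
            continue
        engine, version, updated, result = parts
        try:
            updated = datetime.strptime(updated, "%Y.%m.%d").date()
        except ValueError:
            continue  # header line or malformed row
        rows.append({"engine": engine, "version": version, "updated": updated,
                     "result": None if result == "-" else result})
    return rows

def summarize(rows, scan_date, max_age_days=2):
    """Return (detections, total) and the misses whose signatures are stale."""
    detected = [r for r in rows if r["result"]]
    stale_misses = [r["engine"] for r in rows
                    if not r["result"]
                    and (scan_date - r["updated"]).days > max_age_days]
    return {"ratio": (len(detected), len(rows)), "stale_misses": stale_misses}

if __name__ == "__main__":
    summary = summarize(parse_rows(REPORT), date(2007, 8, 30))
    print("detections: %d/%d" % summary["ratio"])
    print("missed with stale signatures:", ", ".join(summary["stale_misses"]))
```
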
