Author Topic: Is Avast finding Zeus3 (Read 9763 times)

Asyn · « **Reply #15 on:** August 17, 2010, 09:27:29 AM »

Quote from: iRanzel on August 17, 2010, 02:15:44 AM

Virustotal results here

Is VT down..??
Can't reach it...
asyn

DavidR · « **Reply #16 on:** August 17, 2010, 03:41:59 PM »

Whilst this is a long time after your post, VT isn't down but it is very slow in loading right now, but the delay seems to be in ajax.googleapis.com, see image.

wompa · « **Reply #17 on:** August 17, 2010, 05:43:53 PM »

How widespread is Zeus3?

iRonzel · « **Reply #18 on:** August 18, 2010, 03:18:14 AM »

Quote from: Asyn on August 17, 2010, 09:27:29 AM

Quote from: iRanzel on August 17, 2010, 02:15:44 AM
Virustotal results here

Is VT down..??
Can't reach it...
asyn

New upload and link:

http://www.virustotal.com/file-scan/report.html?id=543d5d279e1c24f0f89e4e7a3d8411b0a58a6c3d95ef66f9c540a52f1082aa34-1282095086

Edit: The results from the first time that I uploaded the file was 2/41

Edit: One day diferrence; 19 AV detecting it

iRonzel · « **Reply #19 on:** August 18, 2010, 03:23:02 AM »

Ummm! i can see it try again:

http://www.virustotal.com/file-scan/report.html?id=543d5d279e1c24f0f89e4e7a3d8411b0a58a6c3d95ef66f9c540a52f1082aa34-1281999854

polonus · « **Reply #20 on:** August 18, 2010, 11:32:10 PM »

Hi iRanzel,

This is a proactive Heuristic Detection, which may be triggered by a file that behaves in a suspicious manner indicative of malware infection.

polonus

mkis · « **Reply #21 on:** August 19, 2010, 12:57:34 AM »

Additional detalis on F-secure's Suspicious: Gemini

Quote

Suspicious:W32/Malware!Gemini is a proactive Heuristic Detection, which may be triggered by a file that behaves in a suspicious manner indicative of malware infection.

http://www.f-secure.com/v-descs/suspicious_w32_malware!gemini.shtml

Summary - Suspicious:W32/Malware!Gemini

Quote

The file appears to be performing suspicious or potentially undesirable actions on the system. This may potentially indicate the presence of a malware infection, or that the suspect file is malicious.

mkis · « **Reply #22 on:** August 19, 2010, 01:29:39 AM »

In the Ikarus detection the identification zbot has no further qualifier

such as with zbot.ikh http://www.securelist.com/en/descriptions/Trojan-Spy.Win32.Zbot.ikh
or with zbot.PI http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=PWS:Win32/Zbot.PI

so probably look to the generic grouping which are banker trojans http://www.f-secure.com/v-descs/trojan-spy_w32_zbot.shtml
and for good measure http://www.symantec.com/security_response/writeup.jsp?docid=2010-011016-3514-99

So careful
But Ikarus give no indication of where the zbot ID has come from and their info center offers no further insight. Considering the zbot DNA has been out for a while now, I think you would expect a few more AVs to make detections, if not provide more specific data on the zbot ID.

But as I say be careful. What gives you the idea that is Zeus v2

Author Topic: Is Avast finding Zeus3 (Read 9763 times)

Asyn

Re: Is Avast finding Zeus3

DavidR

Re: Is Avast finding Zeus3

wompa

Re: Is Avast finding Zeus3

iRonzel

Re: Is Avast finding Zeus3

iRonzel

Re: Is Avast finding Zeus3

polonus

Re: Is Avast finding Zeus3

mkis

Re: Is Avast finding Zeus3

mkis

Re: Is Avast finding Zeus3