• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

MyAntiSpyware
Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

New variant W32/Feebs found

Myantispyware team February 22, 2006    

A new variant of W32/Feebs is making the rounds. Fellow handler Bojan has spent quite some time with de-obfuscating the JavaScript and VB code, and we’re still looking at what it does besides downloading base64 encoded versions of W32/Feebs. You might want to block access to

*.coconia.net
*.by.ru
*.kazan.bz
*.t35.com
*.freecoolsite.com
*.nm.ru

until the AV vendors have the patterns lined up.

New varian spreads as an email with subject “Secure Message from GMail.com user“, and contains a ZIP attachment (data.zip in the sample at hand), which in turn contains a file “Encrypted Html File.hta”, which contains the heavily obfuscated Javascript exploit code that triggers the W32/Feebs download from the above sites.

Update:
AV detection is available by now

BitDefender|7.2|02.22.2006|Win32.Worm.Feebs.1.Gen
Kaspersky|4.0.2.24|02.22.2006|Worm.Win32.Feebs.cb
McAfee|4703|02.22.2006|W32/Feebs.gen@MM
Panda|9.0.0.4|02.22.2006|Suspicious file
Sophos|4.02.0|02.22.2006|W32/Feebs-Gen
Symantec|8.0|02.22.2006|W32.Feebs

Thanks to SansBlog

Virus

 Previous Post

Multiple vulnerabilities in WinAmp – Affected all versions (including 5.13)

Next Post 

New rogue Anti Spyware – “The Spyware Shield”

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply

New Guides

Sawerex.com Bitcoin Promo Code Scam: What You Should Know
Fuqex.com’s Bitcoin Promo Code: Scam Tactics Uncovered
Bitup.one Mr Beast Bitcoin Promo Code: A Crypto Scam Analysis
The Bittvine.com Bitcoin Scam: Understanding the Promo Code Rip-off
How to remove Oppush2.space pop-up ads

Follow Us

Search

Useful Guides

Tech Support Scam
Remove Tech Support Scam pop-up virus [Microsoft & Apple Scam]
Iphone Calendar virus spam
Iphone Calendar Virus/Spam 2022 (Removal guide)
Malwarebytes won’t install, run or update – How to fix it
Files encrypted by ransomware become useless
How To Recover Encrypted Files (Ransomware file recovery)
Smart Captcha Virus redirect
What is a Virus that Redirects Web Pages? A Comprehensive Guide

Recent Guides

Multiple vulnerabilities in WinAmp – Affected all versions (including 5.13)
Leap.A – Worm for Mac OS X
Found DVD disks contains a copy protection mechanism which uses rootkit-like cloaking technology.
Exploit for Vulnerability in Windows Media Player has been released
Adware SE 14.02.2006 update now available

Myantispyware.com

Myantispyware has been a trusted source for computer security and technology advice since 2004. Our mission is to provide reliable tech guidance and expert, practical solutions to help you stay safe online and protect your digital life.

Social Links

Pages

About Us
Contact Us
Privacy Policy

Copyright © 2004 - 2024 MASW - Myantispyware.com.