Page 6 of 10

Skype malware request

PostPosted:Wed Nov 16, 2011 1:36 pm
by korczyn
Hi,

I have not a typical malware request (maybe someone will be able to help):

I am searching for viruses spreading through Skype chat, I have tested:

Worm.Win32.Skipi.b:
md5 : ED6BB008B67AF3BC5D388AB0C16F5DC1
md5 : 8527F1C84E0E137A9A3111CE40014F9C

Tofsee md5: bdd2d7f5599349a0d60a5ea5cd767550

IM-Worm.Win32.Zeroll.b md5: bade32eed7095372e90c69e44f54d41f
IM-Worm.Win32.Zeroll.g md5: 88930B337F482EB19987725686F02D90
IM-Worm.Win32.Zeroll.r md5: 062BB5D0411D9B9644C8625BDDA5A5D2

but only in case of Worm.Win32.Skipi.b I observed the spreading process...
Have you seen some viruses that actually spread through Skype chat?

It's a bit open question with no md5 and even names but I cannot find any better way to get some samples for analysis,

As far as the analysis process itself is concerned, I ve tested different Windows, Skype versions, I ve also analysed samples outside the VM cause Tofsee can detect VM and terminate its (e.g. virus) operation...

thx in advance for your help,
regards,
korczyn

FinFisher spyware wanted

PostPosted:Fri Nov 25, 2011 4:21 am
by CloneRanger
I realise this might be a tough call, but i'll ask anyway. I'm hoping to get hold of any of these.

Made by http://www.gammagroup.com & in particular FinFisher IT Intrusion http://www.finfisher.com http://www.finfisher.com/FinFisher/en/portfolio.php
fin.gif
fin.gif (7.73 KiB) Viewed 596 times
Details of such programs, for eg: in here http://www.spiegel.de/international/ger ... 59,00.html

I'm sorry i don't have the .exe etc names or MD5's etc.

I'd like to test them & see how my comp/security deals with them.

TIA

Re: Malware Requests

PostPosted:Sat Nov 26, 2011 8:17 am
by hnpl2011
I'm looking for ZeuS variant specifically targeting BlackBerry users. It's name zitmo.
This mobile malware attacks specifically targeting BlackBerry’s SMS feature.
more info:
http://blog.trendmicro.com/zeus-targets-mobile-users/
name: BBOS_ZITMO.B
MD5: hard to find MD5 :(
Anyone get the sample.Please post it here.
Thank,

Re: Malware Requests

PostPosted:Sat Nov 26, 2011 11:45 pm
by Striker
Radovan wrote:looking for driver of storm worm if anyone have
another samples in attach.

Re: Malware Requests

PostPosted:Tue Nov 29, 2011 7:14 am
by ich
Hi, I am looking for SuiConFo.apk that had been analyzed at _http://www.securelist.com/en/blog/208193261/SM ... _the_world

I cold not find the correct malware from file sharing sites.

Thanks.

Re: Malware Requests

PostPosted:Wed Nov 30, 2011 4:51 pm
by korczyn
Hello,

I m looking for the following malware (sorry for a long post, but I guess more detailed info increases my chances to get some samples):
I m searching for some families of IM worms this time targeting Yahoo IM:

1)
IM-Worm.Win32.Sohanad.bm [Kaspersky Lab]
W32/YahLover.worm.gen [McAfee]
md5: D6B9250BC52DF4C077642C7BCEAD8C92
http://www.threatexpert.com/report.aspx ... 7bcead8c92
md5: 728D0D982C5D90E6509619B102D199F3
http://www.threatexpert.com/report.aspx ... b102d199f3
md5: C427F41A9EB12166C278DA8FED8A0C4A
http://www.threatexpert.com/report.aspx ... f689f2b6b6
md5: A479CCE0018DF32AEAB725EAE097D258
http://www.threatexpert.com/report.aspx ... eae097d258

2)
IM-Worm.Win32.Ckbface.bvn [Kaspersky Lab]
md5: 0638669EF7811339BAB6D1A04E46D3E7
http://www.threatexpert.com/report.aspx ... a04e46d3e7

3)
Trojan.Termex [PCTools]
W32.Imaut.D [Symantec]
IM-Worm.Win32.Qucan.b [Kaspersky Lab]
md5: D1720CEFEE3789344ECDDB33CEA149A0
http://www.threatexpert.com/report.aspx ... 33cea149a0

4)
Email-Worm.Kelvir [PCTools]
W32.Kelvir [Symantec]
IM-Worm.Win32.VB.aw [Kaspersky Lab]
md5: 2786222A073A19F68A1B2F319E245073
http://www.threatexpert.com/report.aspx ... 319e245073

5)
Trojan-Downloader.Win32.Banload.ozg [Kaspersky Lab]
md5: E9691869D05B9CB9F54BD57390C30342
http://www.threatexpert.com/report.aspx ... 7390c30342

6)
W32.Yimfoca [Symantec]
Trojan.Win32.Buzus.erxx [Kaspersky Lab]
md5: 63D558FF97D210981DD949E96AEB260D
http://www.threatexpert.com/report.aspx ... e96aeb260d

Trojan.Win32.Jorik.SdBot.as [Kaspersky Lab]
http://www.threatexpert.com/report.aspx ... 809ef14b19
md5: 6665B2838608D7DF014561809EF14B19
http://www.threatexpert.com/report.aspx ... 56abd4ff69
md5: 79B01A638EE22248D047EE56ABD4FF69
http://www.threatexpert.com/report.aspx ... 7b6ad642e8
md5: 5106EAD45A7667225060527B6AD642E8

Trojan.Win32.Agent.exdz [Kaspersky Lab]
http://www.threatexpert.com/report.aspx ... 6bb2b5669e
md5: 6906CBC96BA46FDE4B4A106BB2B5669E

Backdoor.Win32.IRCBot.pso [Kaspersky Lab]
http://www.threatexpert.com/report.aspx ... 3a0f55f4fc
md5: 48BC14C27E22E25DCCA42232C3D89F2D46C27033

http://www.threatexpert.com/report.aspx ... 240cc71fe3
md5: F30906DDFDB153C1D0A2C3240CC71FE3
http://www.threatexpert.com/report.aspx ... 7cab986aae
md5: BD8282316060C2EE4BB64B7CAB986AAE

IM-Worm.Win32.Yahos.il [Kaspersky Lab]
http://www.threatexpert.com/report.aspx ... 4de837ef5b
md5: E393A2FDAAAED5CAAB7B5A4DE837EF5B

thanks a lot,
korczyn

Re: Malware Requests

PostPosted:Wed Nov 30, 2011 11:20 pm
by dcmorton
Here's the three I've got.
korczyn wrote: md5: 2786222A073A19F68A1B2F319E245073
md5: E9691869D05B9CB9F54BD57390C30342
md5: F30906DDFDB153C1D0A2C3240CC71FE3

Re: Malware Requests

PostPosted:Fri Dec 09, 2011 6:40 pm
by rough_spear
Hi ich,
You might be looking for the sample attached below... ;)

password is malware.
ich wrote:Hi, I am looking for SuiConFo.apk that had been analyzed at _http://www.securelist.com/en/blog/208193261/SM ... _the_world

I cold not find the correct malware from file sharing sites.

Thanks.
Regards,

rough_spear. 8-)

Re: Android Malwares

PostPosted:Thu Jan 05, 2012 3:44 am
by drooy
I am searching Nickibot trojan
http://www.csc.ncsu.edu/faculty/jiang/NickiBot/

I already have NickySpy.A.

Searching NickySpy.B and Nickibot for android. Anyone could help me?

Re: Malware Requests

PostPosted:Thu Jan 12, 2012 4:38 am
by hnpl2011
i'm looking for samples, anyone can help:
803fbc9388203458060f354b0fd3ffe68c506275 – Backdoor:MSIL/Pontoeb.J
http://www.virustotal.com/file-scan/rep ... 1324204584
a3ca4151c31181a3b948b7cd6a1ef97754fcce22 – Backdoor:Win32/Fynloski.A
http://www.virustotal.com/file-scan/rep ... 1316878088
anyone can help me?, thank alot