To Symantec Tecnical Support
whay after 5 year worm vbs autorun.a spread on internet common Symantec Product (SEP 11.0.6 - NIS 2010 - N360) with last rapid releasu update not detect this malware.
i tray submit to
http://submit.symantec.com/basic web 2 year ago and add to SEP 11.0.5 Quarantin on 2009 & no respond still not detec (blind).
then i am send to "ThreatExpert" & I got report :
"ThreatExpert"
Technical Details:
File System Modifications
The following files were created in the system:
# Filename(s) File Size File Hash Alias
1 %Temp%\untitled4.vbe
%Temp%\untitled5.vbe
%Temp%\untitled6.vbe
%Temp%\untitled7.vbe 10.164 bytes MD5: 0xEFE528483FD3C6ED75A8C1E016026E10
SHA-1: 0x0DF78E3988D7FAD76F1DDA5A149D1EE685D065DB Worm.VBS.Autorun.a [Kaspersky Lab]
VBS/Sasan-Fam, VBS/Sasan-N [Sophos]
2 [file and pathname of the sample #1] 22.374 bytes MD5: 0x9823C0CC50CECD66DAAAB8DB918EB8A2
SHA-1: 0xD5816053EF6624166F2BB2C1C0019A51976EFDDB Worm.VBS.Autorun.a [Kaspersky Lab]
Note:
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.
Submission Summary:
Submission details:
Submission received: 24 April 2010, 22:24:29
Processing time: 9 min 8 sec
Submitted sample:
File MD5: 0x9823C0CC50CECD66DAAAB8DB918EB8A2
File SHA-1: 0xD5816053EF6624166F2BB2C1C0019A51976EFDDB
Filesize: 22.374 bytes
Alias: Worm.VBS.Autorun.a [Kaspersky Lab]
this not false positive itray by my self & malware contain payload, damage all office document, create autorun inf on root derectory, hide folder option menu.
Should i post malware to the this forum ?
thank's