Sunbeltblog comments

6 detections (heuristic/packer) for the downloader and 5 for the payload (pinch?)

Not very encouraging at all :|


If people would like to rate the following site red for distributing the malware, be my guest (it's where the main exe is downloaded from): www.siteadvisor.com/sites/124.217.248.143/

I've given up on reviewing so it's up to the rest of you.


I didn't really notice at the time, but the downloader is absolutely tiny!

Can't you guys (vendors) knock up some heuristic to check the actions inside the .exe? ...that one obviously connects to some remote server for an .exe file, and does not hide the fact either... I'm surprised Prevx doesn't catch it

