Attached is a sample of a new rogue (I believe).

Someone wanna confirm this?
I've sent this file to Avira for them to check but with the holiday it might be a day or two. I'll post back with their results.


hxxp://malwarecrush.com/

File mc-installer.exe received on 12.24.2007 03:02:10 (CET)


Antivirus;Version;Last Update;Result
AhnLab-V3;2007.12.22.10;2007.12.21;-
AntiVir;7.6.0.46;2007.12.23;-
Authentium;4.93.8;2007.12.23;-
Avast;4.7.1098.0;2007.12.23;-
AVG;7.5.0.516;2007.12.23;-
BitDefender;7.2;2007.12.24;-
CAT-QuickHeal;9.00;2007.12.22;-
ClamAV;0.91.2;2007.12.24;-
DrWeb;4.44.0.09170;2007.12.23;-
eSafe;7.0.15.0;2007.12.23;-
eTrust-Vet;31.3.5395;2007.12.21;-
Ewido;4.0;2007.12.23;-
FileAdvisor;1;2007.12.24;-
Fortinet;3.14.0.0;2007.12.23;-
F-Prot;4.4.2.54;2007.12.23;-
F-Secure;6.70.13030.0;2007.12.24;-
Ikarus;T3.1.1.15;2007.12.24;-
Kaspersky;7.0.0.125;2007.12.24;-
McAfee;5191;2007.12.21;-
Microsoft;1.3109;2007.12.24;-
NOD32v2;2744;2007.12.23;Win32/Adware.SpywareQuake
Norman;5.80.02;2007.12.21;-
Panda;9.0.0.4;2007.12.23;-
Prevx1;V2;2007.12.24;-
Rising;20.23.62.00;2007.12.23;-
Sophos;4.24.0;2007.12.23;-
Sunbelt;2.2.907.0;2007.12.21;-
Symantec;10;2007.12.24;-
TheHacker;6.2.9.168;2007.12.22;-
VBA32;3.12.2.5;2007.12.22;-
VirusBuster;4.3.26:9;2007.12.23;-
Webwasher-Gateway;6.6.2;2007.12.24;-

Additional information
File size: 5656371 bytes
MD5: 925a9f07451375d229d431c103a1df18
SHA1: 249f24dbfdcfa017d382348b8e4445c904b00b4f
PEiD: -
packers: Armadillo

I've sent the file to AntiVir and Kaspersky. If they confirm that this file is malware I'll add it to the malware listserv.

See some related information here, if you've not already:

http://www.threatexpert.com/report.aspx?uid=cbea8c6c-8030-4f98-99b0-a1ae99621fea

AntiVir and Kaspersky have confirmed that this is malware.

not-a-virus:FraudTool.Win32.MalwareCrush (Kaspersky)