Baidu Antivirus captured a infection type worm

[ttrobert]

Baidu antivirus team antivirus monitoring network captured a infection type worm,in addition to the spread of infection through the file, but also through e-mail attachments, network shares, removable drives and CD burners to spread.

Virus infomations:

Virus Name: Worm.Win32.Mabezat.Al

Virus Alias: Worm.Win32.Mabezat.b

Virus Type: worm infection type

Sample Length: 244,079 bytes

Sample MD5: ******

Sample SHA1: ******

File Type: PE_EXE

Original file name: N / A

First appearance time :2013 -07-31

Infection Range: N / A

Target of Infection: Windows

Here is analysis report in detail:
http://forum.bav.baidu.com/bbs/topic/100700/1/

 

[aztony]

We recommend you install BAV to prevent this worm.
http://antivirus.baidu.com

Some of these Chinese AV companies have a dubious history of creating malware to herd users into their product(s)

 

[Littlebits]

Very strange that Baidu is just now detecting it, it was detected back on Oct 07, 2008 by Microsoft. The latest variant was detected by Microsoft on Jan 14, 2013.

Microsoft Security Essentials, Windows Defender and Kaspersky (Worm.Win32.Mabezat.b) currently detects and blocks the latest variant of this infection unless this is a new variant which I doubt it is since Baidu failed to list the Sample MD5 and SHA1 data which is important to identify malware.

The older variant is detected and blocked by:
Win32/Mabez_inf (AVG)
INF/Mabezat.B (CA)
Win32/Mabezat.A (ESET)
IS/Mabezat.A (Frisk (F-Prot))
Worm.Win32.Mabezat.b (Kaspersky)
Text/Mabezat.B (Norman)
W32/Mabezat.C.worm (Panda)
W32/Wazner-A (Sophos)
W32.Mabezat.B (Symantec)
Mal_Otorun1 (Trend Micro)
Worm:Win32/Mabezat.B (Microsoft)

Thanks.