On Mon, 2009-11-16 at 00:07 +0100, Ralph Bornefeld-Ettmann wrote: > rich...@buzzhost.co.uk schrieb: > > Is anyone else seeing an influx of spam with a zip attachment > > balancechecker.zip? > > > > This contains a windows executable, balancechecker.exe, which appears to > > be testing clean with clam and others. > > > > I'm inclined to think it's *not* clean and is viral. > > > > EXAMPLE > > http://pastebin.com/m730f90e9 > > > > > > I really do not think it is clean. It really sounds like a typical bogus > mail. > > see also here : > http://www.sophos.com/blogs/gc/g/2009/11/13/email-vodafone-limit-credit-balance-beware/ > It is now starting to get picked up and I can see that it was reported at totalvirus on Friday. Yesterday it was passing many checkers as clean, including CLAMAV - which by it's free nature - finds its way into many gateway scanners.
This morning, however, is a different tale: balancechecker.exe: Trojan.Zbot-6437 FOUND ----------- SCAN SUMMARY ----------- Known viruses: 649889 Engine version: 0.95.3 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.02 MB Data read: 0.02 MB (ratio 1.00:1) Time: 2.682 sec (0 m 2 s)
