rich...@buzzhost.co.uk schrieb:
On Mon, 2009-11-16 at 00:07 +0100, Ralph Bornefeld-Ettmann wrote:
rich...@buzzhost.co.uk schrieb:
Is anyone else seeing an influx of spam with a zip attachment
balancechecker.zip?
This contains a windows executable, balancechecker.exe, which appears to
be testing clean with clam and others.
I'm inclined to think it's *not* clean and is viral.
EXAMPLE
http://pastebin.com/m730f90e9
I really do not think it is clean. It really sounds like a typical bogus
mail.
see also here :
http://www.sophos.com/blogs/gc/g/2009/11/13/email-vodafone-limit-credit-balance-beware/
It is now starting to get picked up and I can see that it was reported
at totalvirus on Friday. Yesterday it was passing many checkers as
clean, including CLAMAV - which by it's free nature - finds its way into
many gateway scanners.
This morning, however, is a different tale:
balancechecker.exe: Trojan.Zbot-6437 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 649889
Engine version: 0.95.3
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.02 MB
Data read: 0.02 MB (ratio 1.00:1)
Time: 2.682 sec (0 m 2 s)
For me such mails are simply a logical question : "Why should I run a
program to check my balance?"
But I normally I do not ask for logical thinking after my users also
tend to look for useable content in mails with subjects like "Do you
want ro f--k me?" :-)
Cheers
Ralph
