Thursday, 28 January 2010

Beware of UPS e-mail

Hello,
once again e-mails are circulating that distribute a
packed Trojan in the attachment.

Subject: UPS Delivery Problem NR xxxxx.

Content:

Dear customer!

We failed to deliver the postal package you have sent on the 20th of January in time
because the recipient’s address is erroneous.
Please print out the invoice copy attached and collect the package at our department.

United Parcel Service of America.

The attachment contains a ZIP file:

UPS_invoice_NRxxxx.zip

The numbers in the attachment name and in the subject differ.

More information to follow...

[ file data ]
* name..: UPS_invoice_NR4567.zip
* size..: 31262
* md5...: 3d2e273809dff87e78448f4368d99af1
* sha1..: b9fcba3d201508fb0b9374aeec28ba5e0cda6d3f
* peid..: -

[ scan result ]
a-squared 4.5.0.50/20100128 found nothing
AhnLab-V3 5.0.0.2/20100128 found nothing
AntiVir 7.9.1.154/20100127 found nothing
Antiy-AVL 2.0.3.7/20100127 found nothing
Authentium 5.2.0.5/20100128 found [W32/Bredolab.CX]
Avast 4.8.1351.0/20100128 found [Win32:Trojan-gen]
AVG 9.0.0.730/20100127 found [FakeAlert]
BitDefender 7.2/20100128 found nothing
CAT-QuickHeal 10.00/20100128 found [(Suspicious) - DNAScan]
ClamAV 0.94.1/20100128 found nothing
Comodo 3735/20100128 found nothing
DrWeb 5.0.1.12222/20100127 found [Trojan.Botnetlog.zip]
eSafe 7.0.17.0/20100127 found nothing
eTrust-Vet 35.2.7264/20100127 found nothing
F-Prot 4.5.1.85/20100128 found [W32/Trojan3.BQC]
F-Secure 9.0.15370.0/20100128 found nothing
Fortinet 4.0.14.0/20100127 found nothing
GData 19/20100128 found [Win32:Trojan-gen]
Ikarus T3.1.1.80.0/20100128 found [Trojan.Win32.FakeAV]
Jiangmin 13.0.900/20100128 found nothing
K7AntiVirus 7.10.957/20100126 found nothing
Kaspersky 7.0.0.125/20100128 found nothing
McAfee 5874/20100127 found nothing
McAfee+Artemis 5874/20100127 found [Artemis!786F9FA8C896]
McAfee-GW-Edition 6.8.5/20100127 found nothing
Microsoft 1.5406/20100128 found [Trojan:Win32/Oficla.H!dll]
NOD32 4812/20100128 found nothing
Norman 6.04.03/20100127 found nothing
nProtect 2009.1.8.0/20100128 found nothing
Panda 10.0.2.2/20100127 found nothing
PCTools 7.0.3.5/20100128 found [Trojan.Generic]
Rising 22.32.03.03/20100128 found [Packer.Win32.Agent.GEN]
Sophos 4.50.0/20100128 found [Troj/Bredo-AE]
Sunbelt 3.2.1858.2/20100128 found nothing
Symantec 20091.2.0.41/20100128 found [Trojan Horse]
TheHacker 6.5.0.9.167/20100128 found nothing
TrendMicro 9.120.0.1004/20100128 found [TROJ_BANLOAD.EBD]
VBA32 3.12.12.1/20100127 found nothing
ViRobot 2010.1.28.2159/20100128 found nothing
VirusBuster 5.0.21.0/20100127 found nothing


CONCLUSION: This appears to be a new, modified variant of a known Trojan that is not yet
detected by all antivirus programs, so please be careful.