Online Order Confirmation?


Robert Green

I don't pay much attention anymore, but this is malware I haven't seen
before, and KAV & F-PROT current yesterday don't know it.

Purports to be email delivery and payment receipt of Security Update
V3.1.1. Customer details for other than recipient.

Attach is a 6KB UPX'd PE.

Pardon me, if it is old news.

Bob
 
Robert:

I received a sample from a friend who also received this strange email.

I used McAfee Command Line Scanner
ENGINE v4320 beta
DAT v4308

It indicated: "MultiDropper-GP.a" Trojan

However, no information was ascertained at AVERT library.

Dave




| I don't pay much attention anymore, but this is malware I haven't seen
| before, and KAV & F-PROT current yesterday don't know it.
|
| Purports to be email delivery and payment receipt of Security Update
| V3.1.1. Customer details for other than recipient.
|
| Attach is a 6KB UPX'd PE.
|
| Pardon me, if it is old news.
|
| Bob
|
|
 
Some further info:

Troj/Tofger-A - http://www.sophos.com/virusinfo/analyses/trojtofgera.html

Win32.Myss.J - http://www3.ca.com/virusinfo/virus.aspx?ID=37602

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci938504,00.html

http://www.esecurityplanet.com/alerts/print.php/3111381

Dave



| Robert:
|
| I received a sample from a friend who also received this strange email.
|
| I used McAfee Command Line Scanner
| ENGINE v4320 beta
| DAT v4308
|
| It indicated: "MultiDropper-GP.a" Trojan
|
| However, no information was ascertained at AVERT library.
|
| Dave
|
|
|
|
| | I don't pay much attention anymore, but this is malware I haven't seen
| | before, and KAV & F-PROT current yesterday don't know it.
| |
| | Purports to be email delivery and payment receipt of Security Update
| | V3.1.1. Customer details for other than recipient.
| |
| | Attach is a 6KB UPX'd PE.
| |
| | Pardon me, if it is old news.
| |
| | Bob
| |
| |
|
|
 
Yep. I got one yesterday too, and the virus scanner that Worldnet operates
for incoming mail didn't pick it up, so it must be pretty new. I thought
this was a clever new approach ("Hey Maud! They accidentally sent me
a $100 piece of software! I'd better install this..." :-).
--email: (e-mail address removed) icbm: Delray Beach, FL |
<URL:http://home.att.net/~Tom.Horsley> Free Software and Politics <<==+
 