How does the zero hour anti virus of MX Lab perform?

23 June 2008

Virus outbreaks like those of the past, when tons of emails carried a virus, trojan or other malicious file as an attachment, are rare these days. Distributors of this kind of malicious code now use other techniques to get their files onto your computer. By email they try to attract your attention and get you to click on a link to visit a web site. This web site then contains a script that will download the virus, trojan or other malicious piece of code onto your desktop. It is then very likely that your computer could be part of a zombie botnet.

However, viruses by email aren't dead yet. During the last few weeks MX Lab has detected and intercepted emails with new virus variants. These viruses are attached to an email that mentions "You have received a Hallmark E-Card" or "Hot Pictures" and are packed in a .zip or .rar archive.

Let's find out how MX Lab performs with the zero hour anti virus technology and why you still need a very good anti virus scanning and filtering service.

How does the zero hour anti virus of MX Lab perform?

At 20:55 - local Belgium time - MX Lab detected some emails containing a .rar archive that were intercepted by our zero hour anti virus. The emails are in the German language with subjects like Abbuchungserlaubnis (debit authorization), Ihr neuer Arbeitsvertrag (your new employment contract) and Tilgungvertrag (repayment contract).

This is an example of the content:

Sehr geehrter Kunde, sehr geehrte Kundin!
Ihr Abbuchungsauftrag Nr. 418541651249 wurde erfullt. Ein Betrag von 2927.00 EURO wurde abgebucht und wird in Ihrem Bankauszug als "Paypalabbuchung " angezeigt. Sie finden die Details zu der Rechnung im Anhang
PayPal (Europe) S.à r.l. & Cie, S.C.A.
22-24 Boulevard Royal L-2449 Luxembourg
Vertretungsberechtigter: Brent Bellm
Handelsregisternummer: R.C.S. Luxembourg B 118 349

In English:

Dear customer!
Your debit order no. 418541651249 has been executed. An amount of 2927.00 EURO has been debited and will be shown on your bank statement as "Paypalabbuchung " (PayPal debit). You will find the details of the invoice in the attachment
PayPal (Europe) S.à r.l. & Cie, S.C.A.
22-24 Boulevard Royal L-2449 Luxembourg
Authorized representative: Brent Bellm
Commercial register number: R.C.S. Luxembourg B 118 349

At 22:04 we analysed the email and sent the extracted Rechnung.exe file to VirusTotal. VirusTotal scans each uploaded file with 33 anti virus engines.

This is the result: only 13 of the 33 anti virus engines detected the virus!

Conclusion

When major anti virus software vendors such as Kaspersky, Symantec, Avast, Bitdefender, ... do not have a detection for this one, you could face a serious security risk if you handle incoming email without some attention. It is not the first time that we have noticed such a low detection rate when analysing a file at VirusTotal. It is clear that signature based anti virus engines alone aren't sufficient. Combined with the zero hour anti virus service of MX Lab you will have much better protection against viruses.