|
|||||||||||
|
|
News & Press releases
| Press releases & general news | |
 |
Press & Company News |
|
General news |
|
In the press |
20 July 2008
When you receive an email from UPS regarding a package that can't be delivered due to an incorrect recipients address you better watch out. The chance is very likely that this is a new variant of a trojan trying to get your attention and to infect your computer.
The messages contains the text:
Unfortunately we were not able to deliver postal package you sent on July the 1st in time because the recipient?s address is not correct. Please print out the invoice copy attached and collect the package at our office Your UPS
The messages includes an attachment ups_invoice.zip which extracts the ups_invoice.exe file. This file contains a trojan known as W32/Agent.HFN by F-Prot. We couldn't resist to submit this file to Virus Total and to see how many signature based anti virus engine will detect this malware. This time there where only 8 of the 34 anti virus engines detecting the trojan.
Here are the complete results from Virus Total:
Again, this is showing the importance of a zero hour anti virus protection like MX Lab is offering.
Antivirus Version Last Update Result AhnLab-V3 2008.7.17.0 2008.07.18 - AntiVir 7.8.1.11 2008.07.20 - Authentium 5.1.0.4 2008.07.20 W32/Agent.HFN Avast 4.8.1195.0 2008.07.20 - AVG 8.0.0.130 2008.07.19 Dropper.Generic.VGK BitDefender 7.2 2008.07.20 - CAT-QuickHeal 9.50 2008.07.18 - ClamAV 0.93.1 2008.07.20 - DrWeb 4.44.0.09170 2008.07.20 - eSafe 7.0.17.0 2008.07.20 Suspicious File eTrust-Vet 31.6.5966 2008.07.18 - Ewido 4.0 2008.07.20 - F-Prot 4.4.4.56 2008.07.20 W32/Agent.HFN F-Secure 7.60.13501.0 2008.07.20 Suspicious:W32/Malware!Gemini Fortinet 3.14.0.0 2008.07.20 - GData 2.0.7306.1023 2008.07.20 - Ikarus T3.1.1.34.0 2008.07.20 Trojan-Dropper.Win32.Delf.aef Kaspersky 7.0.0.125 2008.07.20 - McAfee 5342 2008.07.18 - Microsoft 1.3704 2008.07.20 - NOD32v2 3282 2008.07.19 - Norman 5.80.02 2008.07.18 - Panda 9.0.0.4 2008.07.20 - Prevx1 V2 2008.07.20 - Rising 20.53.62.00 2008.07.20 - Sophos 4.31.0 2008.07.20 - Sunbelt 3.1.1536.1 2008.07.18 - Symantec 10 2008.07.20 - TheHacker 6.2.96.385 2008.07.19 - TrendMicro 8.700.0.1004 2008.07.18 - VBA32 3.12.8.1 2008.07.20 - VirusBuster 4.5.11.0 2008.07.19 Packed/Pohernah Webwasher-Gateway 6.6.2 2008.07.20 Win32.Malware.gen#ASPack (suspicious)