Subject: Important Notice-July 2007 Statement 0000000
PLEASE DO NOT REPLY TO THIS E-MAIL. THIS E-MAIL ADDRESS IS USED BY
COMCAST AUTOMATED SYSTEMS AND IS NOT MONITORED.
Your August 07, 2007 Bank billing statement is ready for viewing. To
view your bill download attached Adobe Acrobat PDF file.
If you would like to discontinue receiving a hard copy billing
statement in the mail, you may do so by selecting the UPDATE STATEMENT METHOD
link once you have logged into your account. From there, simply select
the option for Electronic Statement Only.
You received this e-mail because you enrolled Account feature.
If you no longer wish to receive these e-mails, you will
need to cancel your enrollment. To cancel your enrollment, please log
in to your account and from the Update Profile screen, select the cancel
link from the bottom of the page.
As far as we can tell, the filename enclosed in the ZIP file won't extract properly because there are too many spaces and the filename it too long, but the spammers will probably figure it out eventually.
If you're using Postini, then the attachment manager can be easily configured to block all .exe files, and this also applied to .exe-in-.zip files.
Detections are patchy with some AV products picking up the executable packer. When the .exe files run it will attempt to install other malware, some of which will be picked up by AV products. According to VirusTotal:
| File statement.pdf____________________ received on 08.08.2007 17:44:19 (CET) | |||
| Antivirus | Version | Last Update | Result |
| AhnLab-V3 | 2007.8.3.0 | 2007.08.08 | - |
| AntiVir | 7.4.0.57 | 2007.08.08 | TR/Crypt.XPACK.Gen |
| Authentium | 4.93.8 | 2007.08.08 | - |
| Avast | 4.7.1029.0 | 2007.08.07 | - |
| AVG | 7.5.0.476 | 2007.08.07 | - |
| BitDefender | 7.2 | 2007.08.08 | - |
| CAT-QuickHeal | 9.00 | 2007.08.08 | (Suspicious) - DNAScan |
| ClamAV | 0.91 | 2007.08.08 | - |
| DrWeb | 4.33 | 2007.08.08 | - |
| eSafe | 7.0.15.0 | 2007.07.31 | suspicious Trojan/Worm |
| eTrust-Vet | 31.1.5043 | 2007.08.08 | - |
| Ewido | 4.0 | 2007.08.08 | Downloader.Agent.bhl |
| FileAdvisor | 1 | 2007.08.08 | - |
| Fortinet | 2.91.0.0 | 2007.08.08 | - |
| F-Prot | 4.3.2.48 | 2007.08.08 | - |
| F-Secure | 6.70.13030.0 | 2007.08.08 | Trojan-Downloader. Win32.Small.ehe |
| Ikarus | T3.1.1.12 | 2007.08.08 | - |
| Kaspersky | 4.0.2.24 | 2007.08.08 | Trojan-Downloader. Win32.Small.ehe |
| McAfee | 5092 | 2007.08.07 | - |
| Microsoft | 1.2704 | 2007.08.08 | VirTool:Win32/Obfuscator.C |
| NOD32v2 | 2444 | 2007.08.08 | a variant of Win32/Spy.Nuklus |
| Norman | 5.80.02 | 2007.08.08 | - |
| Panda | 9.0.0.4 | 2007.08.08 | Suspicious file |
| Prevx1 | V2 | 2007.08.08 | - |
| Rising | 19.35.22.00 | 2007.08.08 | - |
| Sophos | 4.19.0 | 2007.08.01 | - |
| Sunbelt | 2.2.907.0 | 2007.08.07 | Infostealer.Nuklus |
| Symantec | 10 | 2007.08.08 | - |
| TheHacker | 6.1.7.164 | 2007.08.08 | - |
| VBA32 | 3.12.2.2 | 2007.08.07 | Trojan-Spy.Win32.Small.gv |
| VirusBuster | 4.3.26:9 | 2007.08.08 | Trojan.DL.Small.Gen!Pac25 |
| Webwasher-Gateway | 6.0.1 | 2007.08.08 | Trojan.Crypt.XPACK.Gen |
| Additional information | |||
| File size: 13824 bytes | |||
| MD5: 38ac63f8b7ef22d9a07138ba73de7178 | |||
| SHA1: 6337e3178eba2859fd0e2e1188eab8b528696933 | |||
| packers: UPack | |||
-----
No comments:
Post a Comment