Thursday, 14 August 2008

Fake Auto Identification Card documents

Just received the following email, with a zip file attached (containing an exe file):




















Submitted the file to VirusTotal and the result isn't very good (3/36 scanners):
















Submitting the file to ThreatExpert, gives the following result

"Threat characteristics of ZBot - a banking trojan that disables firewall, steals sensitive financial data (credit card numbers, online banking login details), makes screen snapshots, downloads additional components, and provides a hacker with the remote access to the compromised system."

Added detection as: Email.Malware.Sanesecurity.08081405

1 comment:

terryd said...

Hi Steve
Just had this one too
http://www.virustotal.com/analisis/998018900fef354ce47a062c2474df2a
Zipped file with subject
Fedex tracking number 8474657471

Not sure how to add it to the db for clam