Tuesday, 5 August 2008

0 hour UPS Invoice

There was another spam run of the fake UPS invoice yesterday, this time with a different version of the malware, in the zip attachment:

What was interesting, was that the signatures I'd added to catch the last one, detected the new varient too:

As you can see from the above stats graph, Email_Malware_Sanesecurity_08072227
(in yellow) was being blocked from around 5.30pm to 7pm. ClamAV started detecting the attched file at 7pm (Trojan_Zbot_1737).

What does the exe file do? (contained in the zip)... well, here's what ThreatExpert said

No comments: