I just got a message from a Gmail account (forged) with a data.zip attached. It has an hta file inside.

subject: Secure Mail

The body says:

ID: 46271
Password: zgbvndwdx
Message is attached.
Sincerely,
Protected Mail System,
Gmail.com

Using virustotal.com, it is only caught by very few companies.

This is a report processed by VirusTotal on 01/26/2006 at 01:38:32 (CET) after scanning the file "data.zip" file.

| Antivirus | Version | Update | Result |
|---|---|---|---|
| AntiVir | 6.33.0.77 | 01.25.2006 | no virus found |
| Avast | 4.6.695.0 | 01.25.2006 | no virus found |
| AVG | 718 | 01.25.2006 | Worm/Feebs |
| Avira | 6.33.0.77 | 01.25.2006 | no virus found |
| BitDefender | 7.2 | 01.26.2006 | no virus found |
| CAT-QuickHeal | 8.00 | 01.25.2006 | no virus found |
| ClamAV | devel-20051123 | 01.26.2006 | no virus found |
| DrWeb | 4.33 | 01.25.2006 | Win32.HLLM.Graz |
| eTrust-InoculateIT | 23.71.60 | 01.25.2006 | no virus found |
| eTrust-Vet | 12.4.2056 | 01.25.2006 | Win32/Feeb!ZIP |
| Ewido | 3.5 | 01.25.2006 | no virus found |
| Fortinet | 2.54.0.0 | 01.26.2006 | JS/Feebs.fam-mm |
| F-Prot | 3.16c | 01.25.2006 | no virus found |
| Ikarus | 0.2.59.0 | 01.25.2006 | no virus found |
| Kaspersky | 4.0.2.24 | 01.25.2006 | Worm.Win32.Feebs.gen |
| McAfee | 4682 | 01.25.2006 | no virus found |
| NOD32v2 | 1.1380 | 01.25.2006 | JS/TrojanDownloader.Tivso.gen |
| Norman | 5.70.10 | 01.25.2006 | JS/[EMAIL PROTECTED] |
| Panda | 9.0.0.4 | 01.25.2006 | no virus found |
| Sophos | 4.01.0 | 01.25.2006 | no virus found |
| Symantec | 8.0 | 01.26.2006 | W32.Feebs |
| TheHacker | 5.9.3.081 | 01.26.2006 | no virus found |
| UNA | 1.83 | 01.25.2006 | no virus found |
| VBA32 | 3.10.5 | 01.25.2006 | no virus found |

F-Prot, McAfee and ClamAV are not catching it.

Meanwhile I am banning it via the body of the email, catching "Protected Mail System".
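
A body-phrase ban stops working as soon as the wording changes, so a check on the attachment itself is a useful second rule. The following is an added example, not part of the original post: a Python filter that flags ZIP attachments containing an .hta member and also applies the body phrase. The member name `message.hta` and the sample message are constructed, since the post does not give the file's name.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = (".hta",)                # script type reported inside data.zip
BODY_PHRASE = "Protected Mail System"  # phrase the post bans on

def zip_members(data):
    """Member names from the ZIP central directory (nothing is extracted)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return None

def inspect(raw):
    """Return the reasons to quarantine a raw RFC 822 message (empty = pass)."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip"):
            members = zip_members(part.get_payload(decode=True) or b"")
            if members is None:
                reasons.append(f"unreadable archive: {name}")
                continue
            reasons += [f"{name} contains {m}" for m in members
                        if m.lower().endswith(BLOCKED_EXT)]
        elif part.get_content_type() == "text/plain":
            if BODY_PHRASE.lower() in part.get_content().lower():
                reasons.append(f"body phrase: {BODY_PHRASE}")
    return reasons

def build_sample(member, body):
    """Constructed test message: placeholder bytes only, no real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder")
    msg = EmailMessage()
    msg["Subject"] = "Secure Mail"
    msg.set_content(body)
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="data.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(inspect(build_sample("message.hta", "Protected Mail System,\n")))
```
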
