UPS Tracking number trojan
July 20, 2008
When you receive an email from UPS about a package that could not be delivered because of an incorrect recipient's address, you had better watch out. It is very likely a new variant of a trojan trying to get your attention and infect your computer.

The message contains the text:
Unfortunately we were not able to deliver postal package you sent on July the 1st in time
because the recipients address is not correct.
Please print out the invoice copy attached and collect the package at our office
Your UPS

The message includes an attachment, ups_invoice.zip, which extracts to the file ups_invoice.exe. This file contains a trojan that F-Prot detects as W32/Agent.HFN. We couldn't resist submitting this file to Virus Total to see how many signature-based anti-virus engines would detect this malware. This time only 8 of the 34 anti-virus engines detected the trojan.
Here are the complete results from Virus Total:
Antivirus          Version        Last Update  Result
AhnLab-V3          2008.7.17.0    2008.07.18   -
AntiVir            7.8.1.11       2008.07.20   -
Authentium         5.1.0.4        2008.07.20   W32/Agent.HFN
Avast              4.8.1195.0     2008.07.20   -
AVG                8.0.0.130      2008.07.19   Dropper.Generic.VGK
BitDefender        7.2            2008.07.20   -
CAT-QuickHeal      9.50           2008.07.18   -
ClamAV             0.93.1         2008.07.20   -
DrWeb              4.44.0.09170   2008.07.20   -
eSafe              7.0.17.0       2008.07.20   Suspicious File
eTrust-Vet         31.6.5966      2008.07.18   -
Ewido              4.0            2008.07.20   -
F-Prot             4.4.4.56       2008.07.20   W32/Agent.HFN
F-Secure           7.60.13501.0   2008.07.20   Suspicious:W32/Malware!Gemini
Fortinet           3.14.0.0       2008.07.20   -
GData              2.0.7306.1023  2008.07.20   -
Ikarus             T3.1.1.34.0    2008.07.20   Trojan-Dropper.Win32.Delf.aef
Kaspersky          7.0.0.125      2008.07.20   -
McAfee             5342           2008.07.18   -
Microsoft          1.3704         2008.07.20   -
NOD32v2            3282           2008.07.19   -
Norman             5.80.02        2008.07.18   -
Panda              9.0.0.4        2008.07.20   -
Prevx1             V2             2008.07.20   -
Rising             20.53.62.00    2008.07.20   -
Sophos             4.31.0         2008.07.20   -
Sunbelt            3.1.1536.1     2008.07.18   -
Symantec           10             2008.07.20   -
TheHacker          6.2.96.385     2008.07.19   -
TrendMicro         8.700.0.1004   2008.07.18   -
VBA32              3.12.8.1       2008.07.20   -
VirusBuster        4.5.11.0       2008.07.19   Packed/Pohernah
Webwasher-Gateway  6.6.2          2008.07.20   Win32.Malware.gen#ASPack (suspicious)
Again, this shows the importance of zero-hour anti-virus protection like the one MX Lab offers.
