Virus "Trojan horse Injector.FP" Slips Through Postini
True Blade uses Postini for our email virus and spam filtering. Today's the first time I can recall that Postini has let a virus come through. The email's Subject was: "Western Union transfer is available for withdrawl". Other technical details of the email and the virus are presented below.
Today at 9:56pm I received an email with a virus in an attached zip file. Others are probably receiving the message as well, so delete the email if you receive it.
For testing purposes, I uploaded the zip file to a Linux server and unzipped the zip file to look at what was inside. At that point AVG anti-virus was able to immediately identify the .exe file within the email as a virus.
The email came with a .zip file attachment called M2f318a54.zip with file size 28357 bytes.
Inside the zip file was an executable program: M2f318a54.exe, 45056 bytes, dated Jan 18, 2038. Delete this email if you receive it; do not open this email or forward it to others. Below is the email's header and body.
Return-Path: <commiserationep3@sobmen.ru>
Received: from murder ([unix socket])
by deleted (Cyrus v2.3.7-Invoca-RPM-2.3.7-8.fc6) with LMTPA;
Tue, 01 Sep 2009 20:56:17 -0400
X-Sieve: CMU Sieve 2.3
Received: from psmtp.com (exprod8mx279.postini.com [64.18.3.77])
by tok.trueblade.com (Postfix) with SMTP id 478131818164
for <deleted>; Tue, 1 Sep 2009 20:56:14 -0400 (EDT)
Received: from source ([173.74.55.173]) by exprod8mx279.postini.com ([64.18.7.10]) with SMTP;
Wed, 02 Sep 2009 00:56:16 GMT
Received: from 173.74.55.173 by mail.sobmen.ru; Tue, 1 Sep 2009 20:56:09 -0500
Message-ID: <000d01ca2b68$28a0f230$6400a8c0@commiserationep3>
From: "Misty Fournier" <commiserationep3@sobmen.ru>
To: <deleted>
Subject: Western Union transfer is available for withdrawl
Date: Tue, 1 Sep 2009 20:56:09 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0006_01CA2B68.28A0F230"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-pstn-neptune: 45/43/0.96/77
X-pstn-levels: (S: 0.06505/99.18051 CV: 0.0000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
This is a multi-part message in MIME format.
------=_NextPart_000_0006_01CA2B68.28A0F230
Content-Type: text/plain;
format=flowed;
charset="iso-8859-1";
reply-type=original
Content-Transfer-Encoding: 7bit
Hello.
The amount of money transfer: 2111 USD.
Money is available to withdrawl.
You may find the MTCN number and receiver's details in document attached to this email.
Western Union.
Financial Services.
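The headers and attachment above can be triaged without ever opening the executable. The script below is an added example, not code from the original post: it rebuilds the message in memory from the Received, From, Subject and Date headers shown above, attaches a constructed zip whose single member copies the reported name, size and 2038 timestamp of M2f318a54.exe (the bytes are dummy padding, not the real file), then walks the Received chain to find the address that connected to Postini and lists every archive member from its metadata only. The recipient address and the list of trusted relays are assumptions.

```python
import io
import os
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Added example, not code from the original post. The Received values are
# copied from the post; recipient address and zip contents are constructed.
RECEIVED_HEADERS = [
    "from murder ([unix socket]) by deleted (Cyrus v2.3.7-Invoca-RPM-2.3.7-8.fc6)"
    " with LMTPA; Tue, 01 Sep 2009 20:56:17 -0400",
    "from psmtp.com (exprod8mx279.postini.com [64.18.3.77]) by tok.trueblade.com"
    " (Postfix) with SMTP id 478131818164 for <deleted>; Tue, 1 Sep 2009 20:56:14 -0400 (EDT)",
    "from source ([173.74.55.173]) by exprod8mx279.postini.com ([64.18.7.10]) with SMTP;"
    " Wed, 02 Sep 2009 00:56:16 GMT",
    "from 173.74.55.173 by mail.sobmen.ru; Tue, 1 Sep 2009 20:56:09 -0500",
]
# Relays on the receiving side whose Received lines we trust (assumption).
TRUSTED_RELAYS = ("trueblade.com", "postini.com", "deleted")
EXECUTABLE_SUFFIXES = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}

HOP_RE = re.compile(r"from\s+(?P<frm>.+?)\s+by\s+(?P<by>[^\s;(]+)")
IP_RE = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?")


def build_sample_message():
    """Rebuild the reported message in memory and return it re-parsed from bytes."""
    msg = EmailMessage()
    msg["Return-Path"] = "<commiserationep3@sobmen.ru>"
    for value in RECEIVED_HEADERS:  # keep top-down order: newest relay first
        msg["Received"] = value
    msg["From"] = '"Misty Fournier" <commiserationep3@sobmen.ru>'
    msg["To"] = "recipient@example.invalid"  # placeholder for the redacted address
    msg["Subject"] = "Western Union transfer is available for withdrawl"
    msg["Date"] = "Tue, 1 Sep 2009 20:56:09 -0500"
    msg.set_content("Hello.\nThe amount of money transfer: 2111 USD.\n")
    # Constructed archive: same member name, size and 2038 timestamp as reported,
    # but the payload is dummy padding, not the real executable.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        info = zipfile.ZipInfo("M2f318a54.exe", date_time=(2038, 1, 18, 0, 0, 0))
        info.compress_type = zipfile.ZIP_DEFLATED
        zf.writestr(info, b"MZ" + b"\0" * (45056 - 2))
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="M2f318a54.zip")
    # Round-trip through bytes so the functions below see what a mailbox holds.
    return message_from_bytes(msg.as_bytes(), policy=policy.default)


def received_hops(msg):
    """Return the Received chain, newest relay first, as from/by/ip records."""
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(str(value).split())  # undo header folding
        m = HOP_RE.search(text)
        if not m:
            continue
        ip = IP_RE.search(m.group("frm"))
        hops.append({"from": m.group("frm"), "by": m.group("by"),
                     "ip": ip.group(1) if ip else None})
    return hops


def connecting_ip(hops, trusted):
    """Return (peer address seen by our outermost trusted relay, hops below it).

    Hops without a peer address are local handoffs (the unix-socket LMTP
    delivery) and are skipped. Every hop below the first external one was
    written by the sending host, so it cannot be verified.
    """
    def is_trusted(host):
        return any(host.endswith(s) for s in trusted)

    for i, hop in enumerate(hops):
        sender_trusted = any(s in hop["from"] for s in trusted)
        if hop["ip"] and is_trusted(hop["by"]) and not sender_trusted:
            return hop["ip"], hops[i + 1:]
    return None, []


def zip_findings(msg):
    """List members of each .zip attachment from central-directory metadata only.

    Nothing is extracted or executed. A member dated after the message itself
    is flagged; ZIP stores DOS timestamps, so a 2038 date is representable.
    """
    date_hdr = msg["Date"]
    ref_year = date_hdr.datetime.year if date_hdr is not None else 1980
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
            for info in zf.infolist():
                suffix = os.path.splitext(info.filename)[1].lower()
                findings.append({
                    "archive": name,
                    "member": info.filename,
                    "size": info.file_size,
                    "date": info.date_time,
                    "executable": suffix in EXECUTABLE_SUFFIXES,
                    "future_dated": info.date_time[0] > ref_year,
                })
    return findings


if __name__ == "__main__":
    sample = build_sample_message()
    hops = received_hops(sample)
    ip, unverified = connecting_ip(hops, TRUSTED_RELAYS)
    print("peer that connected to our relay:", ip)
    for hop in unverified:
        print("sender-supplied hop, unverifiable:", hop)
    for finding in zip_findings(sample):
        print(finding)
```

Run against the sample, the hop walk stops at Postini's own line, which records the peer as 173.74.55.173; the single hop beneath it ("by mail.sobmen.ru") was not written by any relay on the receiving side and is reported as unverifiable. The archive listing shows one member, an .exe flagged as executable and as dated after the message, obtained from the zip's central directory without extracting anything. For a real mailbox, replace build_sample_message() with message_from_bytes(open(path, "rb").read(), policy=policy.default).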

