Just a sample of the Echomail archive
Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.
| INTERNET | The global pornography network | 2,155 messages |
[ << oldest | < older | list | newer > | newest >> ]
| Message 1,458 of 2,155 |
| August Abolins to All |
| trojan inside xls file |
| 10 Mar 20 09:25:00 |
MSGID: 2:221/1.58@fidonet e2496f20 PID: OpenXP/5.0.43 (Win32) CHRS: ASCII 1 TZUTC: -0400 Hello! There's a bogus .xls file going around with a malware payload. This is the second such email I've receive in about 3 days: eg. invoice_554137.xls What is interesting.. although the filename downloaded is named as per above, VirusTotal reports the filename to be different! So, it's behaving like a file within a file within a file within.. etc. Processing it at VirusTotal produces: bff54499db6c578c8b3b842c70d8cb9d30bbe6ec4b04726bfbfaa104346a92ce invoice_908873.xls 65.50 KB 9 engines detected this file ESET-NOD32 DOC/TrojanDownloader.Agent.AUI Ikarus Win32.SuspectCrc Kaspersky HEUR:Trojan.MSOffice.Pederr.gen Microsoft Trojan:Win32/Emali.A!cl Qihoo-360 Generic/Trojan.07c Sophos AV Troj/DocDl-XSO Symantec Trojan.Mdropper TACHYON Trojan/XF.Downloader.Gen ZoneAlarm by Check Point HEUR:Trojan.MSOffice.Pederr.gen BitDam ATP MALWARE Lastline MALWARETROJAN Ad-Aware Undetected AegisLab Undetected AhnLab-V3 Undetected ALYac Undetected Antiy-AVL Undetected Arcabit Undetected Avast Undetected Avast-Mobile Undetected AVG Undetected Avira (no cloud) Undetected Baidu Undetected The "popular" engines: AVG, Avast, Ad-Aware, and so on down the list don't detect this thing. Bad news. Beware! ../|ug --- OpenXP 5.0.43 * Origin: /|ug's Point, Ont. CANADA (2:221/1.58) SEEN-BY: 1/123 90/1 103/705 154/10 203/0 221/1 6 360 227/114 229/101 SEEN-BY: 229/426 452 1014 240/5832 249/206 317 400 280/464 5003 288/100 SEEN-BY: 292/854 310/31 317/3 322/757 342/200 396/45 423/81 120 712/848 SEEN-BY: 770/1 2452/250 PATH: 221/1 280/464 229/426 |
(c) 1994, bbs@darkrealms.ca