supergravy
August 25th, 2006, 04:42 AM
Yesterday I received a Paypal phishing email that was a little better than the usual. Instead of including links asking for my personal info, it wanted me to open a zipped attachment that would show the fraud activity that had occurred on my account. Being in AV testing mode lately, I couldn't help but check out the attachment.
The interesting part is that Yahoo Mail scanned the download with Norton AV 2006, declared it clean and allowed me to download it. This happened on a machine at work that is also running Norton and did not detect anything. As this was a work machine I put the file on a USB stick and left it alone until I got home.
Once home I went back to my Yahoo mail account on a machine running KAV6. Yahoo still showed the file as clean and let me begin to download. Kaspersky immediately started squealing and declared it infected by Win32/TrojanDownloader.Agent.AUM trojan. My laptop running NOD32 detected the same.
I am thankful for good AV programs like KAV and NOD32! Many of my friends and relatives would have taken Norton/Yahoo's word that this was clean and opened it up. Frankly I am surprised that not all AV programs would detect this. Here is what virus.org had to say about the file:
Scanner | Scanner Version | Result | Scan Time
ArcaVir | 1.0.3 | Clean | 1.00597 secs
avast! | 2.0.0 | Clean | 0.0270441 secs
AVG Anti Virus | 7.1.30 | Downloader.Agent.FBL | 1.92365 secs
Avira Desktop | 1.1.6-32 | Trojan/Dldr.Agent.aum | 3.3255 secs
BitDefender | 7.1 | Trojan.Downloader.Agent.AUM | 4.09331 secs
ClamAV | 0.88/1728 | Trojan.Downloader.Small-2242 | 0.0242629 secs
Dr. Web | 4.33.0 | Trojan.DownLoader.12341 | 5.57629 secs
F-PROT | 4.6.5 | W32/Downloader.AFRJ | 0.463414 secs
H+BEDV AntiVir | NULL | Trojan/Dldr.Agent.aum | 3.43864 secs
Ikarus PSCAN | 2.32 | Clean | 7.52984 secs
NOD32 | 2.51.1 | Win32/TrojanDownloader.Agent.AUM trojan | 2.09968 secs
Norman Virus Control | 5.70.01 | Suspicious_F.gen | 4.12276 secs
Sophos Sweep | 4.05.0 | Clean | 2.81337 secs
VBA32 | 3.11.0 | Clean | 2.37423 secs
VirusBuster 2005 | 1.2.4 | Trojan.DL.Agent.PMJ | 1.43007 secs
By the way, today Yahoo mail is also detecting this as malware and won't let me download this attachment. :dry: