trojans posing as virus patch in e-mail

Discussion in 'malware problems & news' started by herbalist, Apr 12, 2007.

Thread Status:
Not open for further replies.
  1. herbalist

    herbalist Guest

    This turned up in my spamcatcher today, supposedly from the site administrator.
    Titled: Virus Activity Detected!
    The "text" is an image file.
    The attachment is a passworded zip file named

    Why am I posting this when infected attachments posing as patches are old news? By password protecting the zip file, several AVs don't detect the infected contents.
    VirusTotal scan of passworded zip file.
    VirusTotal scan of extracted file.
    It appears that quite a few AVs have trouble with password protected zip files.
    The payload is a Zhelatin variant, a rootkit-based mailing worm that also terminates security software and disables several system utilities such as regedit and msconfig.
  2. ronjor

    ronjor Global Moderator

    Jul 21, 2003