Threat in emil attachments again...

Maybe old news but I just received 4 emails with zip attachments--
message.zip
doc.zip
notice.zip
text.zip

These are surely some kind of threat though no scanner I have tried detects anything.
Trying to open unzip on a MAC results in af format error..

Just an FYI- these were blocked by attachment blocking on the email server!

Gerry

 

Try to send these files to http://www.virustotal.com/

 

Sent them last night. No threats found with any scanner at that time.

Gerry

 

Hi gerrya,

Please follow the advice in -->this<-- post by Blackspear which I think should fully cover your issue.

Cheers

 

Hi, like you I've gotten several .EXE viruses sent to our e-mail boxes recently as ZIP attachments. I had previously complained that NOD32 did not detect them, which was only partially true. NOD32 did not detect some of them with an on-demand scan, but I decided to actually run the viruses in an isolated VirtualPC environment and then NOD32 stopped them.

In fact this morning I got the "shocking.exe" rootkit which NOD32 did not detect in the archive or when I extracted it to my desktop. However, when I ran it in the isolated VirtualPC environment (don't try this unless you know what you're doing!), NOD32 stopped it trying to install the IP6fw.sys driver and deleted the EXE. NOD32 then identified it as the Win32/Rootkit.Agent.DP trojan.

So even though I'd prefer NOD32 to catch these with an on-demand scan, it's nice to know it's going to stop some of them when they're executed. It gives me quite a bit of peace of mind, and makes me feel more confident about NOD32's abilities.

I suppose this is another example of how those online multi-engine scanners don't tell the whole story.