
New Malware Information 2010.07.18 12:05


Malware disguised as mail sent from Amazon.com
Beware of mail impersonating Amazon.com
viruslab.tistory.com

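Malicious emails cleverly disguised as Sony Bravia purchase notices sent by Amazon.com, the US book-shopping site, continue to be produced and discovered.

A variant of the previously discovered mail, with altered content, has additionally reached Korea, so please take particular care.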

Subject:
Thank you, your Amazon

Body:
Thank you for shopping at Amazon!

We have successfully received your payment.

Your order has been shipped to your billing address.

You have ordered ” Sony Bravia S160568”

You can find your tracking number in attached to the e-mail document.

Print the postal label to get your package.

We hope you enjoy your order!

Attachment:
Amazon_Invoice_14.07.2010.zip.zip


The archive Amazon_Invoice_14.07.2010.zip.zip contains the following malware.


VirusTotal detection status

http://www.virustotal.com/analisis/f7366f914fb17156bb5c60eaf91af41bfbba7c7883ef0f167966c06b684d5675-1279394359

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| a-squared | 5.0.0.31 | 2010.07.17 | Win32.Outbreak!IK |
| AhnLab-V3 | 2010.07.17.00 | 2010.07.16 | Win32/Palevo.worm.35533 |
| AntiVir | 8.2.4.12 | 2010.07.16 | TR/Oficla.AF |
| Antiy-AVL | 2.0.3.7 | 2010.07.15 | - |
| Authentium | 5.2.0.5 | 2010.07.17 | W32/Oficla.AN |
| Avast | 4.8.1351.0 | 2010.07.17 | Win32:Trojan-gen |
| Avast5 | 5.0.332.0 | 2010.07.17 | Win32:Trojan-gen |
| AVG | 9.0.0.836 | 2010.07.17 | Crypt.XTV |
| BitDefender | 7.2 | 2010.07.17 | Gen:Variant.Oficla.4 |
| CAT-QuickHeal | 11.00 | 2010.07.16 | (Suspicious) - DNAScan |
| ClamAV | 0.96.0.3-git | 2010.07.17 | Trojan.Agent-165627 |
| Comodo | 5458 | 2010.07.17 | Heur.Suspicious |
| DrWeb | 5.0.2.03300 | 2010.07.17 | Trojan.Oficla.38 |
| eSafe | 7.0.17.0 | 2010.07.15 | - |
| eTrust-Vet | 36.1.7715 | 2010.07.16 | Win32/Oficla.JO |
| F-Prot | 4.6.1.107 | 2010.07.17 | W32/Oficla.AN |
| F-Secure | 9.0.15370.0 | 2010.07.17 | Trojan-Dropper:W32/Oficla.HC |
| Fortinet | 4.1.143.0 | 2010.07.17 | - |
| GData | 21 | 2010.07.17 | Gen:Variant.Oficla.4 |
| Ikarus | T3.1.1.84.0 | 2010.07.17 | Win32.Outbreak |
| Jiangmin | 13.0.900 | 2010.07.17 | - |
| Kaspersky | 7.0.0.125 | 2010.07.17 | Trojan.Win32.Jorik.Oficla.as |
| McAfee | 5.400.0.1158 | 2010.07.17 | Bredolab.gen.c |
| McAfee-GW-Edition | 2010.1 | 2010.07.16 | Artemis!E0431654E597 |
| Microsoft | 1.6004 | 2010.07.17 | Trojan:Win32/Meredrop |
| NOD32 | 5287 | 2010.07.17 | Win32/Oficla.GN |
| Norman | 6.05.11 | 2010.07.17 | - |
| nProtect | 2010-07-17.02 | 2010.07.17 | Gen:Variant.Oficla.4 |
| Panda | 10.0.2.7 | 2010.07.17 | - |
| PCTools | 7.0.3.5 | 2010.07.17 | Trojan.Sasfis |
| Prevx | 3.0 | 2010.07.17 | High Risk Cloaked Malware |
| Rising | 22.56.04.04 | 2010.07.16 | - |
| Sophos | 4.55.0 | 2010.07.17 | Mal/Behav-043 |
| Sunbelt | 6598 | 2010.07.17 | Trojan.Win32.Generic.pak!cobra |
| SUPERAntiSpyware | 4.40.0.1006 | 2010.07.17 | - |
| Symantec | 20101.1.1.7 | 2010.07.17 | Trojan.Sasfis |
| TheHacker | 6.5.2.1.318 | 2010.07.16 | - |
| TrendMicro | 9.120.0.1004 | 2010.07.17 | TROJ_SASFIS.CM |
| TrendMicro-HouseCall | 9.120.0.1004 | 2010.07.17 | TROJ_SASFIS.CM |
| VBA32 | 3.12.12.6 | 2010.07.16 | - |
| ViRobot | 2010.7.12.3932 | 2010.07.17 | - |
| VirusBuster | 5.0.27.0 | 2010.07.17 | Trojan.Sasfis.KHQ |

Additional information
File size: 35533 bytes
MD5: e0431654e5979c6b63ab76031d7a0105

Subject:
Your tracking number

Body:
Thank you for shopping at Amazon!

We have successfully received your payment.

Your order has been shipped to your billing address.

You have ordered ” Sony Bravia S160568”

You can find your tracking number in attached to the e-mail document.

Print the postal label to get your package.

We hope you enjoy your order!

Attachment:
Amazon_Invoice_14.07.2010.zip.zip




http://www.virustotal.com/analisis/f7366f914fb17156bb5c60eaf91af41bfbba7c7883ef0f167966c06b684d5675-1279394359
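A mail-gateway check for the two traits this post describes, an attachment with a stacked `.zip.zip` extension whose archive carries malware, written as an added example that is not from the original post. The member name `Amazon_Invoice.exe`, the `MZ` header test (the detections listed on this page are Win32 names) and the extension lists are assumptions; the sample message is constructed and contains no malware.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage
ARCHIVE_EXTS = {".zip", ".rar", ".7z"}
RISKY_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}

def inspect_attachment(filename, payload):
    """Return findings for one attachment: stacked archive extension, executable members."""
    findings = []
    exts = ["." + p for p in filename.lower().split(".")[1:]][-2:]
    if len(exts) == 2 and all(e in ARCHIVE_EXTS for e in exts):
        findings.append("stacked archive extension: " + "".join(exts))
    if zipfile.is_zipfile(io.BytesIO(payload)):
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # encrypted: content cannot be inspected
                    findings.append("encrypted member: " + info.filename)
                    continue
                head = zf.open(info).read(2)  # magic bytes only, never the full member
                ext = "." + info.filename.lower().rsplit(".", 1)[-1]
                if head == b"MZ" or ext in RISKY_EXTS:
                    findings.append("executable member: " + info.filename)
    return findings

def inspect_message(raw):
    """Map each attachment name in a raw RFC 5322 message to its findings."""
    report = {}
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        hits = inspect_attachment(name, part.get_payload(decode=True) or b"") if name else []
        if hits:
            report[name] = hits
    return report

def build_sample():
    """Constructed message; the archive member is a harmless stub, not the real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Amazon_Invoice.exe", b"MZ" + b"\x00" * 62)  # assumed member name
    msg = EmailMessage()
    msg["Subject"] = "Your tracking number"
    msg.set_content("Thank you for shopping at Amazon!")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Amazon_Invoice_14.07.2010.zip.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(inspect_message(build_sample()))
```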


 

Posted by viruslab