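Fake IE7 Update E-mail
August 11, 2008 – 11:14:45
An e-mail disguised as an IE7 update was recently discovered. It attempts to lure users into clicking a link in the message body. Clicking the link downloads a file named "update.exe" (malware name: Trojan-Downloader.Win32.Small.aafh). Please be careful.
Google Search lookup result (no anomalies found), as shown in the figure below:
McAfee SiteAdvisor lookup result (no anomalies found), as shown in the figure below:
Trend Micro web reputation rating lookup result (anomalies found), as shown in the figure below:
Finjan web reputation rating lookup result (no anomalies found), as shown in the figure below:
Dr.Web web reputation rating lookup result (anomalies found), as shown in the figure below:
Exploit Prevention Labs web reputation rating lookup result (no anomalies found), as shown in the figure below:
VirusTotal scan results (32/36 (88.89%)):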
File update.exe received on 08.09.2008 00:30:56 (CET)
AhnLab-V3: Win32/Zhelatin.worm.139776.QM
AntiVir: TR/Dldr.Small.aafh
Authentium: W32/Downldr2.DIFM
Avast: Win32:Trojan-gen {Other}
AVG: Downloader.Generic7.AEHX
BitDefender: Trojan.FakeAlert.YK
CAT-QuickHeal: TrojanDownloader.Small.aafh
ClamAV: Trojan.Fakealert-446
DrWeb: Trojan.Fakealert.995
eSafe: Suspicious File
eTrust-Vet: Win32/Bugnraw.CC
Ewido:
F-Prot: W32/Downldr2.DIFM
F-Secure: Trojan-Downloader.Win32.Small.aafh
Fortinet: W32/FakeAle.AAFH!tr.dldr
GData: Trojan-Downloader.Win32.Small.aafh
Ikarus: Trojan-Downloader.Win32.Small.aafh
K7AntiVirus:
Kaspersky: Trojan-Downloader.Win32.Small.aafh
McAfee: Generic FakeAlert.a
Microsoft: TrojanDownloader:Win32/Renos.DI
NOD32v2: Win32/TrojanDownloader.FakeAlert.DJ
Norman: W32/Renos.dam
Panda: Adware/Antivirus2008XP
PCTools: Trojan-Downloader.Small!sd6
Prevx1: Malicious Software
Rising:
Sophos: Troj/FakeAle-EF
Sunbelt: Trojan.Unidentified.Gen.AT
Symantec: Trojan.Dropper
TheHacker:
TrendMicro: TROJ_RENOS.ADX
VBA32: Trojan-Downloader.Win32.renos.adx
ViRobot: Trojan.Win32.Downloader.139776.C
VirusBuster: Trojan.FakeAlert.FV
Webwasher-Gateway: Trojan.Dldr.Small.aafh
Additional information
MD5: 6b50dc99f2ca5e90ef6ecef9a25c6157
SHA1: 464d7f2e540eafc2162293ad11b28ba8b91dd21b
SHA256: 9083a161e7e9fb25bd99d814cfafa953881b1249ad079040c5faf158a3b7f203
SHA512: 1c70fe117fb7a757807484bad7ab7400427433e0b9e1cceb05c72b194cb22e7dc25e4b5774679c3a782ad4873fdfdc931e01e3b50f53ef65f6582aa081b50896









