New Threat Not Found By Avast

I received an email from someone I do not know. It read:


Date: Fri, 29 Dec 2006 03:30:18 +0100
From: “Vivian Z. Castillo” ncozcc@norda-lysell.de
Add to Address Book Add Mobile Alert
To: *******@yahoo.com
Subject: Happy New Year!

Attachments
Attachment scanning provided by: Norton AntiVirus 2006

Files:
postcard.exe (17k)
Scan and Save to Computer - Save to Yahoo! Briefcase


That's it. Well, I was curious and skeptical. So I downloaded the file, which was on a Yahoo server, and then started digging into it. Ran a scan at VirusTotal and the results were as follows.

Antivirus           Version         Update      Result
AntiVirus           7.3.0.21        12.29.2006  TR/Dldr.Tibs.jy
Authentium          4.93.8          12.29.2006  W32/Tibs.RA
Avast               4.7.892.0       12.21.2006  no virus found
AVG                 386             12.29.2006  Downloader.Generic3.EIY
BitDefender         7.2             12.29.2006  no virus found
CAT-QuickHeal       8.00            12.29.2006  TrojanDownloader.Tibs.jy
ClamAV              devel-20060426  12.29.2006  Trojan.Downloader-388
DrWeb               4.33            12.29.2006  Trojan.DownLoader.17085
eSafe               7.0.14.0        12.28.2006  suspicious Trojan/Worm
eTrust-InoculateIT  23.73.101       12.29.2006  no virus found
eTrust-Vet          30.3.3289       12.29.2006  Win32/Luder.I
Ewido               4.0             12.29.2006  Downloader.Tibs.jy
Fortinet            2.82.0.0        12.29.2006  suspicious
F-Prot              3.16f           12.29.2006  security risk named W32/Tibs.RA
F-Prot4             4.2.1.29        12.29.2006  W32/Tibs.RA
Ikarus              T3.1.0.27       12.29.2006  Trojan-Downloader.Win32.Tibs.jy
Kaspersky           4.0.2.24        12.29.2006  Email-Worm.Win32.Luder.a
McAfee              4928            12.28.2006  no virus found
Microsoft           1.1904          12.27.2006  no virus found
NOD32v2             1945            12.29.2006  Win32/Nuwar.M
Norman              5.80.02         12.29.2006  W32/Tibs.NJJ
Panda               9.0.0.4         12.28.2006  no virus found
Prevx1              V2              12.29.2006  Trojan.Downloader
Sophos              4.13.0          12.28.2006  no virus found
Sunbelt             2.2.907.0       12.18.2006  no virus found
TheHacker           6.0.3.139       12.29.2006  Trojan/Downloader.Generic
UNA                 1.83            12.28.2006  no virus found
VBA32               3.11.1          12.28.2006  no virus found
VirusBuster         4.3.19:9        12.29.2006  Trojan.DL.Tibs.GV

Additional Information
File size: 17559 bytes
MD5: 4adf7a3719c485a4e482498874b6695f
SHA1: c333fe30036768b6307326f49664454449b638ee
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=7a8466450539


Good thing I didn’t run it.
So anyway, I have emailed it to virus@avast.com. However, I did not include a link to this thread, sorry about that. In fact I emailed three letters. You should bold the fact that you want them sent as zip files with the password virus by the way ;). Anyhow, you all have a good product here and I’m proud to promote you to all my computer customers and friends. Keep up the good work.

Thanks for the heads up ShadowMonstr, welcome to the forums.

It's wise not to open attachments from unknown recipients, even recipients you do know if they are either unexpected or not normal for them. It is too easy to forge headers or they might even be infected, so it is best to do what you have done: use common sense and don’t open unsolicited email attachments or click links in the same emails (this is more for the benefit of others reading this topic later).

There has been a rash of e-card season's greetings purporting to be festive greetings just to get the inquisitive to open the attachment or click the link.

Sending it again with a link to the topic wouldn’t hurt. If you saved the attachment to an HDD you could add it to the chest and send it from there and avast covers the encryption and you don’t have to zip and password protect it.

Interesting that they quote the attachment has been scanned by Norton AntiVirus 2006, just something else to lull you into a false sense of security.

Email Sent With Link ;D
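
The advice in the reply above about unsolicited attachments can also be checked mechanically before a message reaches a reader. This is an added example, not part of the thread: Python code that flags attachments by extension and by the 'MZ' DOS/PE header, so an executable renamed to look like an image is still caught. The sample message, its addresses, the `card.jpg` attachment and the `RISKY_EXT` list are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed list of extensions Windows runs directly on double-click.
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}


def build_sample() -> bytes:
    """Constructed message modelled on the one in the thread (harmless stub payloads)."""
    msg = EmailMessage()
    msg["From"] = '"Sender Name" <sender@example.invalid>'
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "Happy New Year!"
    msg.set_content("Happy New Year!")
    stub = b"MZ" + b"\x00" * 62  # DOS/PE magic plus padding, not a working program
    msg.add_attachment(stub, maintype="application",
                       subtype="octet-stream", filename="postcard.exe")
    # Same magic bytes hidden behind an image name and MIME type.
    msg.add_attachment(stub, maintype="image", subtype="jpeg", filename="card.jpg")
    msg.add_attachment(b"plain text note", maintype="application",
                       subtype="octet-stream", filename="readme.txt")
    return msg.as_bytes()


def flag_attachments(raw: bytes) -> list:
    """Return (filename, reasons) for every attachment that looks executable."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        reasons = []
        if any(name.lower().endswith(ext) for ext in RISKY_EXT):
            reasons.append("executable extension")
        if data[:2] == b"MZ":  # content check, independent of name and MIME type
            reasons.append("PE/DOS header")
        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in flag_attachments(build_sample()):
        print(f"{name}: {', '.join(reasons)}")
```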