I received a email from someone I do not know. It read.
Date: Fri, 29 Dec 2006 03:30:18 +0100
From: “Vivian Z. Castillo” ncozcc@norda-lysell.de
Add to Address Book Add Mobile Alert
To: *******@yahoo.com
Subject: Happy New Year!
Attachments
Attachment scanning provided by: Norton AntiVirus 2006
Files:
postcard.exe (17k)
Scan and Save to Computer - Save to Yahoo! Briefcase
Thats it. Well I was curious and skeptic. So I downloaded the file which was on a yahoo server. And then, started digging into it. Ran a scan at VirusTotal and results were as follows.
Antivirus Version Update Result
AntiVirus 7.3.0.21 12.29.2006 TR/Dldr.Tibs.jy
Authentium 4.93.8 12.29.2006 W32/Tibs.RA
Avast 4.7.892.0 12.21.2006 no virus found
AVG 386 12.29.2006 Downloader.Generic3.EIY
BitDefender 7.2 12.29.2006 no virus found
CAT-QuickHeal 8.00 12.29.2006 TrojanDownloader.Tibs.jy
ClamAV devel-20060426 12.29.2006 Trojan.Downloader-388
DrWeb 4.33 12.29.2006 Trojan.DownLoader.17085
eSafe 7.0.14.0 12.28.2006 suspicious Trojan/Worm
eTrust-InoculateIT 23.73.101 12.29.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 Win32/Luder.I
Ewido 4.0 12.29.2006 Downloader.Tibs.jy
Fortinet 2.82.0.0 12.29.2006 suspicious
F-Prot 3.16f 12.29.2006 security risk named W32/Tibs.RA
F-Prot4 4.2.1.29 12.29.2006 W32/Tibs.RA
Ikarus T3.1.0.27 12.29.2006 Trojan-Downloader.Win32.Tibs.jy
Kaspersky 4.0.2.24 12.29.2006 Email-Worm.Win32.Luder.a
McAfee 4928 12.28.2006 no virus found
Microsoft 1.1904 12.27.2006 no virus found
NOD32v2 1945 12.29.2006 Win32/Nuwar.M
Norman 5.80.02 12.29.2006 W32/Tibs.NJJ
Panda 9.0.0.4 12.28.2006 no virus found
Prevx1 V2 12.29.2006 Trojan.Downloader
Sophos 4.13.0 12.28.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 Trojan/Downloader.Generic
UNA 1.83 12.28.2006 no virus found
VBA32 3.11.1 12.28.2006 no virus found
VirusBuster 4.3.19:9 12.29.2006 Trojan.DL.Tibs.GV
Aditional Information
File size: 17559 bytes
MD5: 4adf7a3719c485a4e482498874b6695f
SHA1: c333fe30036768b6307326f49664454449b638ee
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=7a8466450539
Good thing I didn’t run it.
So any way I have emailed it to virus@avast.com. However I did not include a link to this thread, sorry about that. In fact I emailed three letters. You should bold the fact that you want them sent as zip files with the password virus by the way ;). Anyhow you all have a good product here and I’m proud to promote you to all my computer customers and friends. Keep up the good work.