Post Express malware

I received an email today with a subject line and body given below. It had a file attached that ended in “.zip”. I put it in the chest for delivery to Avast.

I found a reference to what appears to be the same malware on this forum in February 2011. Avast scanned the email when it came in but didn’t report malware. I saved the attachment as a file and scanned it with Avast but still no warning. Sophos reports this as malware.

I was expecting Avast to catch this. Do I need to alter my settings?


Subject:

Post Express Report. Track number 2139266

and body:

Dear client.

Email notice number.0939262

Your package has been returned to the Post Express office.
The reason of the return is “Error in the delivery address”

Important message!
Attached to the letter mailing label contains the details of the package delivery.
You have to print mailing label, and come in the Post Express office in order to receive the packages!

Thank you for your attention.
Post Express Service.

Hi whc, welcome to the forum :)

The good old delivery email…

Have you sent the zip file to Virustotal?

Have you sent the file to avast, to be included into the virus database?

https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=501

Look at the option for “Moving files to the Virus Chest” and then “Submitting files from the Virus Chest to avast! Virus Lab”.

Scott

Hmm, I had the same problem, it’s not pure malware I think, it’s just a Word document that includes malicious websites.

Thanks for the welcome.

“Have you sent the file to avast, to be included into the virus database?
https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=501”

Yes.

“Have you sent the zip file to Virustotal?”
“Hmm i had the same problem,it’s not pure malware i think,it’s just a word document that includes malicious websites.”

I sent it to Virustotal:

Avast 4.8.1351.0 2011.03.14 -

ClamAV 0.96.4.0 2011.03.14 Trojan.Generic.Bredolab-2
Commtouch 5.2.11.5 2011.03.14 W32/Oficla.CX
NOD32 5951 2011.03.14 a variant of Win32/Kryptik.LPB
Panda 10.0.3.5 2011.03.13 Suspicious file
Sophos 4.63.0 2011.03.14 Troj/Bredo-FK
SUPERAntiSpyware 4.40.0.1006 2011.03.13 -
TrendMicro 9.200.0.1012 2011.03.14 PAK_Generic.001
TrendMicro-HouseCall 9.200.0.1012 2011.03.14 PAK_Generic.001

A half dozen of the other AV programs call it out as suspicious at best and trojan horse at worst. I’m using ver. 6 of Avast.

Thanks for the virustotal suggestion.

Hmm, Bredolab, ouch. I had a similar problem, I changed my e-mail password and it solved the problem.

Do you have the link to the virustotal results? (It is easier to read ;))

EDIT: How does changing your password stop spam emails being sent to you? :)

This is more up-to-date:

http://www.virustotal.com/file-scan/report.html?id=29c2d897981953888027d75f86cfa6030bb6b28b376f445edf57b2fde0e48cf3-1300115003

Compromised account-email?

That’s better, I can read it now ;D

Yeah, looks like avast needs to add the detection. Now that you have sent it off, they have it, so I would suggest that you leave it in the chest, and scan periodically after database updates.

Just discovered this in the junk of my Hotmail account… won’t let me have it though… Hotmail knows best ;D

Left123, doesn’t stop people sending you emails though…

Yes, I am talking about e-mail sent by us! Our e-mail.

Yes, but this thread is talking about emails received ???

Hm, misunderstood, sorry :-X

Thanks everyone.