Hallo everybody,
This morning I received a trojan virus via e-mail.
The mail subject is “Chinese missile shot down USA satellite.” The message body is empty. It has an attachment named “FullStory.exe”.
I have Avast netclient edition, updated daily; avast version is 4.7.599.0, vps version is 0704-0, 18/01/2007
The e-mail client is Thunderbird, the OS is winxp SP2 up-to-date with windows update.
The strange thing is that Avast did not notice the virus when the e-mail client downloaded the message.
I saved the .exe file to a folder on the C: drive, and run the scanner on it (right clicked on the file and selected “scan with avast”), but it did not alert me of the danger.
The kaspersky on-line file scanner identified “Trojan-Downloader.Win32.Agent.bet” in the file.
There is another thread already on the first page of the forum that covers this threat.
I am not trying to make any excuses for this not being detected by avast in email attachments since this is an active and widespread threat at the moment.
However, I recommend to all those I support that they should be running the Internet Mail scanner of avast at high sensitivity. I believe that to catch a number of threats the high level is necessary.
That level has been giving me heuristic warnings over the past few days of a dangerous attachment in the form of video.exe, fullstory.exe etc. that the various versions of this message contain. Avast has warned me on all of the many (20-30) copies of this that have been in my email and removed the attachment.
Unfortunately we don’t run avast mail scanner, but I was able to “identify” that file as a virus as soon as I read the subject and saw the attachment. A bit of user common sense could save companies millions…
If you still have the sample .exe file. Send the sample to virus@avast.com zipped and password protected with password in email body and undetected trojan, etc. in the subject. Or Add it to the User Files section (File, Add) of the avast chest and send it from there.