About a 65% chance…

So I received a file in my spammy email box today that had a zip file attachment. And if I had opened it, there was about a 65% chance that my antivirus would not catch it.


http://www.virustotal.com/analisis/834ff43c981ec75b04186007074e94d4


| Antivirus | Version | Last update | Result |
|---|---|---|---|
| a-squared | 4.0.0.101 | 2009.04.24 | Trojan-Spy.Win32.Zbot!IK |
| AhnLab-V3 | 5.0.0.2 | 2009.04.24 | – |
| AntiVir | 7.9.0.156 | 2009.04.24 | TR/PSW.Zbot.M |
| Antiy-AVL | 2.0.3.1 | 2009.04.24 | – |
| Authentium | 5.1.2.4 | 2009.04.24 | W32/Trojan3.AMN |
| Avast | 4.8.1335.0 | 2009.04.23 | – |
| AVG | 8.5.0.287 | 2009.04.24 | – |
| BitDefender | 7.2 | 2009.04.24 | – |
| CAT-QuickHeal | 10.00 | 2009.04.23 | (Suspicious) – DNAScan |
| ClamAV | 0.94.1 | 2009.04.24 | Trojan.Agent-98369 |
| Comodo | 1133 | 2009.04.24 | – |
| DrWeb | 4.44.0.09170 | 2009.04.24 | – |
| eSafe | 7.0.17.0 | 2009.04.23 | Suspicious File |
| eTrust-Vet | 31.6.6474 | 2009.04.24 | – |
| F-Prot | 4.4.4.56 | 2009.04.24 | W32/Trojan3.AMN |
| F-Secure | 8.0.14470.0 | 2009.04.24 | Trojan-Spy:W32/Zbot.OSM |
| Fortinet | 3.117.0.0 | 2009.04.24 | – |
| GData | 19 | 2009.04.24 | – |
| Ikarus | T3.1.1.49.0 | 2009.04.24 | Trojan-Spy.Win32.Zbot |
| K7AntiVirus | 7.10.714 | 2009.04.23 | – |
| Kaspersky | 7.0.0.125 | 2009.04.24 | – |
| McAfee | 5595 | 2009.04.24 | – |
| McAfee+Artemis | 5595 | 2009.04.24 | – |
| McAfee-GW-Edition | 6.7.6 | 2009.04.24 | Trojan.PSW.Zbot.M |
| Microsoft | 1.4602 | 2009.04.24 | PWS:Win32/Zbot.M |
| NOD32 | 4034 | 2009.04.24 | – |
| Norman | 6.00.06 | 2009.04.24 | – |
| nProtect | 2009.1.8.0 | 2009.04.24 | – |
| Panda | 10.0.0.14 | 2009.04.24 | – |
| PCTools | 4.4.2.0 | 2009.04.24 | – |
| Prevx1 | 3.0 | 2009.04.24 | High Risk Worm |
| Rising | 21.26.44.00 | 2009.04.24 | – |
| Sophos | 4.41.0 | 2009.04.24 | Troj/Agent-JQF |
| Sunbelt | 3.2.1858.2 | 2009.04.24 | – |
| Symantec | 1.4.4.12 | 2009.04.24 | Trojan Horse |
| TheHacker | 6.3.4.0.313 | 2009.04.24 | – |
| TrendMicro | 8.700.0.1004 | 2009.04.24 | – |
| VBA32 | 3.12.10.3 | 2009.04.24 | – |
| ViRobot | 2009.4.24.1708 | 2009.04.24 | – |
| VirusBuster | 4.6.5.0 | 2009.04.24 | – |


Threat characteristics of ZBot: a banking trojan that disables the firewall, steals sensitive financial data (credit card numbers, online banking login details), takes screen snapshots, downloads additional components, and provides a hacker with remote access to the compromised system.

2 Thoughts on “About a 65% chance…”

  1. Such a file should never make it to your inbox. Your mail scanner should outright block zip files with executable content.

  2. bradley on April 24, 2009 at 4:26 pm said:

    I have one inbox I leave unfiltered. A honeypot, if you will, that lets me see what’s out there, because stuff ‘does’ get through no matter how well we think it won’t.
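
The check the first comment calls for, sketched as an added example (not code from the original post or from any mail product): it flags zip attachments whose members have an executable extension or start with the DOS/PE `MZ` magic, so it does not depend on antivirus signatures. The extension list, function names and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist of executable extensions; tune it for your environment.
EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")

def executable_members(zip_bytes):
    """Names of members with a blocked extension, 'MZ' magic, or encryption."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.filename.lower().endswith(EXEC_EXTS):
                flagged.append(info.filename)
            elif info.flag_bits & 0x1:
                # Encrypted member: content cannot be inspected, fail closed.
                flagged.append(info.filename)
            else:
                with zf.open(info) as fh:
                    # DOS/PE header magic catches renamed Windows binaries.
                    if fh.read(2) == b"MZ":
                        flagged.append(info.filename)
    return flagged

def should_block(raw_message):
    """True if any zip attachment holds executable content or is malformed."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if not payload.startswith(b"PK\x03\x04"):
            continue  # not a zip by magic bytes, whatever the file name says
        try:
            if executable_members(payload):
                return True
        except (zipfile.BadZipFile, NotImplementedError):
            return True  # unreadable archive: fail closed
    return False

def build_sample(member_name, data):
    """Constructed message with one zip attachment, for demonstration only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, data)
    msg = EmailMessage()
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Archives nested inside the zip are not unpacked here; a production filter would recurse with a depth and size limit.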
