Virus "Trojan horse Injector.FP" Slips Through Postini
True Blade uses Postini for our email virus and spam filtering. Today's the first time I can recall that Postini has let a virus come through. The email's Subject was: "Western Union transfer is available for withdrawl". Other technical details of the email and the virus are presented below.
Today at 9:56pm I received an email with a virus in an attached zip file. Others are probably receiving the message as well, so delete the email if you receive it.
For testing purposes, I uploaded the zip file to a Linux server and unzipped it to look at what was inside. At that point, AVG anti-virus immediately identified the .exe file within the email as a virus.
The email came with a .zip file attachment called M2f318a54.zip with file size 28357 bytes.
Inside the zip file was an executable program: M2f318a54.exe, 45056 bytes, and dated Jan 18, 2038. Delete this email if you receive it; do not open this email or forward it to others. Below is the email's header and body.
Received: from murder ([unix socket])
by deleted (Cyrus v2.3.7-Invoca-RPM-2.3.7-8.fc6) with LMTPA;
Tue, 01 Sep 2009 20:56:17 -0400
X-Sieve: CMU Sieve 2.3
Received: from psmtp.com (exprod8mx279.postini.com [22.214.171.124])
by tok.trueblade.com (Postfix) with SMTP id 478131818164
for <deleted>; Tue, 1 Sep 2009 20:56:14 -0400 (EDT)
Received: from source ([126.96.36.199]) by exprod8mx279.postini.com ([188.8.131.52]) with SMTP;
Wed, 02 Sep 2009 00:56:16 GMT
Received: from 184.108.40.206 by mail.sobmen.ru; Tue, 1 Sep 2009 20:56:09 -0500
From: "Misty Fournier" <firstname.lastname@example.org>
Subject: Western Union transfer is available for withdrawl
Date: Tue, 1 Sep 2009 20:56:09 -0500
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-pstn-levels: (S: 0.06505/99.18051 CV: 0.0000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
This is a multi-part message in MIME format.
The amount of money transfer: 2111 USD.
Money is available to withdrawl.
You may find the MTCN number and receiver's details in document attached to this email.
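As an added example (not part of the original post), here is a Python check a mail administrator could run over a quarantined message before anyone opens the attachment: it reads the zip's central directory without extracting anything, flags executable members, and flags members whose timestamp is later than the year the mail was received, which is exactly what the Jan 18, 2038 date on a September 2009 email looks like. The message and archive built by `build_sample_message` are constructed stand-ins with a placeholder member, not the real sample; the suffix list and the `ref_year` parameter are my own choices.

```python
import io
import zipfile
from datetime import date
from email.message import EmailMessage

# File types that have no business arriving inside a mailed archive.
EXEC_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js")

def inspect_zip(data: bytes, ref_year: int = 0) -> list:
    """Flag an archive from its central directory alone (nothing is extracted):
    executable members, and members dated after the year the mail arrived."""
    ref_year = ref_year or date.today().year
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.filename.lower().endswith(EXEC_SUFFIXES):
                findings.append(f"executable member {info.filename} ({info.file_size} bytes)")
            if info.date_time[0] > ref_year:
                findings.append(f"{info.filename} is dated {info.date_time[0]}, after {ref_year}")
    return findings

def inspect_message(msg: EmailMessage, ref_year: int = 0) -> list:
    """Run inspect_zip over every .zip attachment of a parsed message."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(".zip"):
            findings += [f"{name}: {f}" for f in inspect_zip(part.get_payload(decode=True), ref_year)]
    return findings

def build_sample_message() -> EmailMessage:
    """Constructed stand-in for the mail described in the post: a harmless zip
    whose single member carries the attachment's name and far-future timestamp."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        info = zipfile.ZipInfo("M2f318a54.exe", date_time=(2038, 1, 18, 0, 0, 0))
        zf.writestr(info, b"placeholder bytes, not the real payload")
    msg = EmailMessage()
    msg["Subject"] = "Western Union transfer is available for withdrawl"
    msg["Date"] = "Tue, 1 Sep 2009 20:56:09 -0500"
    msg.set_content("You may find the MTCN number in the document attached to this email.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="M2f318a54.zip")
    return msg

if __name__ == "__main__":
    # Use the year from the Date header so the 2038 timestamp stands out.
    for line in inspect_message(build_sample_message(), ref_year=2009):
        print(line)
```

Running it against the constructed message reports both the executable member and the out-of-range date; a benign archive with plausible timestamps yields an empty list.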