This one purports to come from IKEA, apparently I ordered something for £122.60 which will be delivered tomorrow. I didn't order anything, of course, and neither did the other people who will be getting the same (or a similar) email. So, obviously, I want to look at the enclosed DOC file, "IKEA receipt 607656390.doc". The SHA-266 for this file is
92f733da9ba440f0632b495a32742d47a5cb296f49127f210e14de412e371bf8
and at least 20 people have received this file, uploaded it to VirusTotal and given their opinion that it's malware.
I haven't analysed the file, because I don't run a virus lab; I don't have an isolated computer on which I can run malware, happy that if the malware does something dreadful, I can just wipe and reload the computer. But A) it's a DOC file and B) the first DOC file virus (winword.concept) happened 20 years ago and Word macros can still do malicious things and C) I didn't order anything from IKEA and D) several products do flag it as malware.
Well, reading the enclosed file is what I'm supposed to do. Actually, I uploaded it to VirusTotal. 5 out of 55 products found a problem. 50 products didn't see any problem, so let's list the 50 products that failed.
ALYac
AVG
Ad-Aware
AegisLab
Agnitum
AhnLab-V3
Alibaba
Antiy-AVL
Avast
Avira
Baidu-International
BitDefender
Bkav
ByteHero
CAT-QuickHeal
CMC
ClamAV
Comodo
Cyren
DrWeb
ESET-NOD32
Emsisoft
F-Prot
Fortinet
GData
Ikarus
Jiangmin
K7AntiVirus
K7GW
Kaspersky
Malwarebytes
McAfee
McAfee-GW-Edition
MicroWorld-eScan
Microsoft
NANO-Antivirus
Qihoo-360
Rising
SUPERAntiSpyware
Sophos
Symantec
Tencent
TheHacker
TrendMicro
TrendMicro-HouseCall
VBA32
ViRobot
Zillya
Zoner
nProtect
Is the AV product that you use, in this list?
Are you a techie working for one of these companies? Because if you are, you must find this intensely embarrassing.
Are you a marketroid working for one of these companies? Because if you are, I'd love to hear your explanation for why this is happening.
Are you a shareholder in one of these companies? Because if you are, perhaps you need to ask pointed questions at the next shareholder meeting.
No comments:
Post a Comment