Pages

Wednesday, 28 October 2015

Another incoming doc file.

This one purports to come from IKEA, apparently I ordered something for £122.60 which will be delivered tomorrow. I didn't order anything, of course, and neither did the other people who will be getting the same (or a similar) email. So, obviously, I want to look at the enclosed DOC file, "IKEA receipt 607656390.doc". The SHA-266 for this file is



92f733da9ba440f0632b495a32742d47a5cb296f49127f210e14de412e371bf8
and at least 20 people have received this file, uploaded it to VirusTotal and given their opinion that it's malware.

I haven't analysed the file, because I don't run a virus lab; I don't have an isolated computer on which I can run malware, happy that if the malware does something dreadful, I can just wipe and reload the computer. But A) it's a DOC file and B) the first DOC file virus (winword.concept) happened 20 years ago and Word macros can still do malicious things and C) I didn't order anything from IKEA and D) several products do flag it as malware.

Well, reading the enclosed file is what I'm supposed to do. Actually, I uploaded it to VirusTotal. 5 out of 55 products found a problem. 50 products didn't see any problem, so let's list the 50 products that failed.

ALYac        
AVG        
Ad-Aware        
AegisLab        
Agnitum        
AhnLab-V3        
Alibaba        
Antiy-AVL        
Avast        
Avira        
Baidu-International        
BitDefender        
Bkav        
ByteHero        
CAT-QuickHeal        
CMC        
ClamAV        
Comodo        
Cyren        
DrWeb        
ESET-NOD32        
Emsisoft        
F-Prot        
Fortinet        
GData        
Ikarus        
Jiangmin        
K7AntiVirus        
K7GW        
Kaspersky        
Malwarebytes        
McAfee        
McAfee-GW-Edition        
MicroWorld-eScan        
Microsoft        
NANO-Antivirus        
Qihoo-360        
Rising        
SUPERAntiSpyware        
Sophos        
Symantec        
Tencent        
TheHacker        
TrendMicro        
TrendMicro-HouseCall        
VBA32        
ViRobot        
Zillya        
Zoner        
nProtect         


Is the AV product that you use, in this list?

Are you a techie working for one of these companies? Because if you are, you must find this intensely embarrassing.

Are you a marketroid working for one of these companies? Because if you are, I'd love to hear your explanation for why this is happening.

Are you a shareholder in one of these companies? Because if you are, perhaps you need to ask pointed questions at the next shareholder meeting.

No comments:

Post a comment