Nuevo mail masivo malicioso que adjunta fichero ZIP con DOWNLOADER TEPFER

Recibido mail similar a:

MAIL MALICIOSO:
_______________
Asunto: FW: Company 2013 Report
De: Administrator <DESTINATARIO>
Fecha: 31/01/2013 18:50
Para: <DESTINATARIO>
Signature: Digitally signed by tor@%3Cdestinatario”>administrator@<destinatario>
File Validity: 01/31/2013
Company : http:<destinatario>
File Format: Office – Excel
Internal Name: Company Report
Legal Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: 2013 Report.xls

********** Confidentiality Notice **********.
This e-mail and any file(s) transmitted with it, is intended for the exclusive use by the person(s) mentioned above as recipient(s).
This e-mail may contain confidential information and/or information protected by intellectual property rights or other rights. If you
are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying, or action taken
in relation to the contents of and attachments to this e-mail is strictly prohibited and may be unlawful. If you have received this
e-mail in error, please notify the sender and delete the original and any copies of this e-mail and any printouts immediately from
your system and destroy all copies of it.

ANEXADO FICHERO ZIP   <—- ojo, fichero malicioso “2013 Company Report.zip”

______________________
FIN DEL MAIL MALICIOSO
Dicho ZIP contiene fichero EXE con icono de Excel (mucho cuidado, la extension solo se ve si se indica mostrar extensiones):

El fichero en cuestion es un troyano DOWNLOADER TEPFER , que pasamos a controlar a partir del ELISTARA 27.00 de hoy

El preanalisis de virustotal ofrece este informe:

SHA256: 59e3965a2cfe21ebd1f4b7a4d71ec7ee46f3556d0ca8d8c0bfe654dd0a5f4475
SHA1: fc02ce0f0eb64c13359f1cfa1f4bf8ed919fa712
MD5: 04654a7d793d59d82ac672b430912b5c
Tamaño: 104.0 KB ( 106496 bytes )
Nombre: 2013Report.exe
Tipo: Win32 EXE
Etiquetas: peexe
Detecciones: 24 / 43
Fecha de análisis: 2013-02-01 09:35:25 UTC ( hace 1 hora, 16 minutos )
Antivirus Resultado Actualización
Agnitum – 20130131
AntiVir TR/Agent.4478945 20130201
Antiy-AVL – 20130131
Avast – 20130201
AVG – 20130201
BitDefender Gen:Variant.Symmi.10278 20130201
CAT-QuickHeal – 20130201
ClamAV – 20130131
Commtouch W32/Trojan3.ERU 20130201
Comodo UnclassifiedMalware 20130201
DrWeb Trojan.PWS.Stealer.1932 20130201
Emsisoft – 20130201
eSafe – 20130131
ESET-NOD32 Win32/PSW.Fareit.A 20130201
F-Prot W32/Trojan3.ERU 20130201
F-Secure Gen:Variant.Symmi.10278 20130201
Fortinet W32/Fareit.A!tr.pws 20130201
GData Gen:Variant.Symmi.10278 20130201
Ikarus Win32.SuspectCrc 20130201
Jiangmin – 20121221
K7AntiVirus Trojan 20130131
Kaspersky Trojan-PSW.Win32.Tepfer.fcvj 20130201
Kingsoft – 20130131
Malwarebytes Malware.Packer.SGX1 20130201
McAfee Generic PWS.O 20130201
McAfee-GW-Edition Artemis!04654A7D793D 20130201
Microsoft PWS:Win32/Fareit 20130201
MicroWorld-eScan Gen:Variant.Symmi.10278 20130201
NANO-Antivirus – 20130201
nProtect – 20130201
Panda Suspicious file 20130201
PCTools Trojan.Zbot 20130201
Rising – 20130201
Sophos – 20130131
SUPERAntiSpyware Trojan.Agent/Gen-RogueRel 20130201
Symantec Trojan.Zbot 20130201
TheHacker – 20130131
TotalDefense – 20130131
TrendMicro – 20130201
TrendMicro-HouseCall TROJ_GEN.F47V0131 20130201
VBA32 – 20130201
VIPRE Trojan.Win32.Generic!BT 20130201
ViRobot – 20130201

Dicha version del ELISTARA 27.00 que lo detecta y elimina, estará disponible en nuestra web a partir de las 19 h CEST de hoy

saludos

ms, 1-2-2013

NOTA: El la monitorizacion de dicho fichero malware, ya ha descargado otro troyano de la familia ZBOT-Y, que pasaremos a controlar igualmente con el ELISTARA 27.00