October 29, 2008 - 08:34 UTC - Tags: virus
This week I have received several samples of very similar-looking malware. It's basically a .zip file containing a "document". The latest version I got was from "Your UPS". The reason I'm writing "document" in quotes is that it first appears to be a .doc file, but it has an .exe extension at the end after a lot of white space:
Inv#3982.doc
.exe
With *nix-style shell escaping in front of every space, it looks like this:
Inv#3982.doc\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ .exe
14 out of 36 virus scanners on virustotal detect it:
analysis
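The following is an added example, not part of the original post: a check that a mail gateway or triage script could run over the member names of a .zip attachment to flag the whitespace-padded double extension described above. The extension list, the padding threshold and the function names are assumptions, and the sample archive is constructed in memory with harmless placeholder bytes.

```python
import io
import re
import zipfile

# Extensions Windows runs directly (assumed list for this example).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}

# decoy extension, a run of whitespace, then the real extension at the end
PADDED = re.compile(r"\.(\w{1,5})(\s+)\.(\w{1,5})\s*$")


def check_name(name, min_pad=3):
    """Return a finding if `name` hides an executable extension behind whitespace.

    min_pad is an assumed threshold: fewer spaces than this are not reported.
    """
    base = name.replace("\\", "/").rsplit("/", 1)[-1]  # drop any directory part
    m = PADDED.search(base)
    if not m:
        return None
    decoy, pad, real = m.group(1).lower(), m.group(2), m.group(3).lower()
    if real not in EXECUTABLE_EXTS or len(pad) < min_pad:
        return None
    return {
        "shown_as": base[:m.end(1)],  # what a narrow name column displays
        "decoy_ext": decoy,
        "real_ext": real,
        "padding": len(pad),
    }


def scan_zip(data):
    """Check every member name of a zip archive given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            hit = check_name(info.filename)
            if hit:
                findings.append(hit)
    return findings


def build_sample(pad=150):
    """Constructed sample: the post's file name with `pad` spaces, dummy content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Inv#3982.doc" + " " * pad + ".exe", b"placeholder")
        zf.writestr("readme.txt", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip(build_sample()):
        print(finding)
```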