E-gold security connect
After a long while, something arrived that got past the virus check on the mail server.
Given that it is "E-gold", it is probably spyware...
Subject: E-gold security connect
From: E-gold <Connect_donotreply@e-gold.com>
To: xxxxxxxx@xxx.xxxxxx.xx.jp
X-Mailer: Microsoft Outlook Express V6.00.2900.2180
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0000_BAFD4D7E.6055DC96"
X-Attach: 受信添付\051102_02\Connect.zip
Date: Tue, 01 Nov 2005 20:26:53 +0000
Received: from xxxxx.xxx.xx.jp (xxxxx.xxx.xx.jp [xxx.xx.xxx.xxx]) by xxx.xxxxxx.xx.jp (8.12.11/3.7W-20030704) with SMTP id jA1KknTU013487 for <xxxxxxxx@xxx.xxxxxx.xx.jp>; Wed, 2 Nov 2005 05:46:49 +0900 (JST)
Received: from xxxxx.xxx.xx.jp(xxx.xx.xxx.xxx) by xxxxxxxxx.xxx.xx.jp via smtp id 38b6_405a45d2_4b17_11da_9911_001143d3323b; Wed, 02 Nov 2005 05:37:00 +0900
Received: from xxxxx.xxx.xx.jp(xxx.xx.xxx.xxx) by xxxxxxxxx.xxx.xx.jp via smtp id 7c27_e2298346_4b17_11da_8e76_001143d35d52; Wed, 02 Nov 2005 05:41:31 +0900
Received: from 218.40.209.252 (yzm0508.yzmcr1.thn.ne.jp [218.40.209.252]) by xxxxx.xxx.xx.jp (8.12.11/3.7W-20030320) with SMTP id jA1KkP2c020433 for <xxxxxxxx@xxx.xxxxxx.xx.jp>; Wed, 2 Nov 2005 05:46:40 +0900 (JST)
Received: from yzm0508.yzmcr1.thn.ne.jp(218.40.209.252) by xxxxxxxxx.xxx.xx.jp via smtp id 7b11_d4ecc31e_4b17_11da_8a99_001143d35d52; Wed, 02 Nov 2005 05:41:24 +0900
Message-ID: <067f01c5df22$5aaf6671$3c0aa540@e-gold.com>
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Body-Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original

--------------------------------------------------
* * * Read/Save/Print this email message * * *
--------------------------------------------------

Dear e-gold payment system user,

The recent cases of fraud, unauthorized withdrawal of cash from our clients' accounts and recurred attempts of hackers to access our server forced us to implement a new security system.

The special program will ensure safe connection of your computer to our server by means of a unique encoded key, specially generated for each account. Only the combination of your login, password and the key will allow you to access the system. The program is enclosed to the message and doesn't need any installation. By one click you will be connected to the server and the program will generate the key. After that you will enter your account from Internet Explorer, which is absolutely safe. You will be signed out of the program automatically after closing the window. See the detailed operational instruction enclosed to the program.

We have to warn you, that if you want to be the user of our system in future, you'll have to accept our rules and to use this program. Otherwise please call the numbers below to withdraw your funds. For the detailed information please enter our site or use our hot line to contact us by phone.

Our Contacts:
Phone (Worldwide) +1 321-957-1200
FAX (Worldwide) +1 321-952-0790

---------------------------------------------
Thank you for using e-gold!
---------------------------------------------
Connect.zip is attached.
Inside Connect.zip is Connect.exe.
Current VirusTotal results for the sample (20 of the 22 engines listed flag it, mostly under the Goldun name; ClamAV and TheHacker report nothing):
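One way to triage a mail like this, added here as an example and not code from the original post: walk the Received chain from the top down to the hop where the recipient's own MTA accepted the message from an outside host (218.40.209.252, reverse name yzm0508.yzmcr1.thn.ne.jp, a thn.ne.jp line rather than anything at e-gold.com), compare that host with the domain the From: header claims, and list any executable inside the attachment without extracting it. The header block is the one quoted above with the same masking; TRUSTED_SUFFIX ".xx.jp" is an assumption standing in for the masked local domain; and the zip is constructed in memory with an inert placeholder in place of Connect.exe, not the sample itself.

```python
"""Triage of the e-gold lure: find the hop where the mail entered the local
mail system, compare it with the claimed sender, and flag an archive that
wraps an executable.  Added example, not code from the original post."""
import email
import email.utils
import io
import os
import re
import zipfile

# The post's own header trace (masking kept as in the post).
RAW_HEADERS = """\
Subject: E-gold security connect
From: E-gold <Connect_donotreply@e-gold.com>
To: xxxxxxxx@xxx.xxxxxx.xx.jp
X-Mailer: Microsoft Outlook Express V6.00.2900.2180
Received: from xxxxx.xxx.xx.jp (xxxxx.xxx.xx.jp [xxx.xx.xxx.xxx])
    by xxx.xxxxxx.xx.jp (8.12.11/3.7W-20030704) with SMTP id jA1KknTU013487
    for <xxxxxxxx@xxx.xxxxxx.xx.jp>; Wed, 2 Nov 2005 05:46:49 +0900 (JST)
Received: from xxxxx.xxx.xx.jp(xxx.xx.xxx.xxx) by xxxxxxxxx.xxx.xx.jp via smtp
    id 38b6_405a45d2_4b17_11da_9911_001143d3323b; Wed, 02 Nov 2005 05:37:00 +0900
Received: from xxxxx.xxx.xx.jp(xxx.xx.xxx.xxx) by xxxxxxxxx.xxx.xx.jp via smtp
    id 7c27_e2298346_4b17_11da_8e76_001143d35d52; Wed, 02 Nov 2005 05:41:31 +0900
Received: from 218.40.209.252 (yzm0508.yzmcr1.thn.ne.jp [218.40.209.252])
    by xxxxx.xxx.xx.jp (8.12.11/3.7W-20030320) with SMTP id jA1KkP2c020433
    for <xxxxxxxx@xxx.xxxxxx.xx.jp>; Wed, 2 Nov 2005 05:46:40 +0900 (JST)
Received: from yzm0508.yzmcr1.thn.ne.jp(218.40.209.252) by xxxxxxxxx.xxx.xx.jp via smtp
    id 7b11_d4ecc31e_4b17_11da_8a99_001143d35d52; Wed, 02 Nov 2005 05:41:24 +0900
Message-ID: <067f01c5df22$5aaf6671$3c0aa540@e-gold.com>

"""

TRUSTED_SUFFIX = ".xx.jp"   # assumption: the recipient's (masked) local domain
EXECUTABLE_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}

IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
FROM_RE = re.compile(r"\bfrom\s+([^\s(\[]+)\s*(?:\(([^)]*)\))?", re.I)
BY_RE = re.compile(r"\bby\s+([^\s(\[]+)", re.I)


def parse_hop(received):
    """Pull the 'from' token, reverse-DNS comment, first IPv4 literal and 'by'
    host out of one Received header; folded continuation lines are joined."""
    flat = " ".join(received.split())
    m_from, m_by, m_ip = FROM_RE.search(flat), BY_RE.search(flat), IPV4_RE.search(flat)
    comment = m_from.group(2) if m_from and m_from.group(2) else ""
    rdns = comment.split()[0] if comment else None
    if rdns and IPV4_RE.fullmatch(rdns):
        rdns = None                       # the comment held an IP, not a name
    return {"from": m_from.group(1) if m_from else None, "rdns": rdns,
            "ip": m_ip.group(1) if m_ip else None,
            "by": m_by.group(1) if m_by else None}


def entry_hop(msg, trusted_suffix):
    """Walk Received headers top-down (newest first).  The first hop that one of
    our own MTAs wrote for a host outside our domain is the entry point; every
    Received line below it arrived with the message and may be forged."""
    for raw in msg.get_all("Received") or []:
        hop = parse_hop(raw)
        if not (hop["by"] or "").endswith(trusted_suffix):
            return None                   # chain is no longer ours; stop trusting it
        if not (hop["from"] or "").endswith(trusted_suffix):
            return hop
    return None


def sender_domain(msg):
    return email.utils.parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()


def origin_matches_sender(hop, domain):
    """True only if the entry host's name (rDNS or literal) is in the From: domain."""
    name = (hop["rdns"] or hop["from"] or "").lower()
    return name == domain or name.endswith("." + domain)


def build_stand_in_zip():
    """Constructed archive shaped like Connect.zip; the member is inert bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Connect.exe", b"placeholder, not the sample")
    return buf.getvalue()


def executables_in_zip(data):
    """Names of archive members with an executable extension, without extracting."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist()
                if os.path.splitext(n)[1].lower() in EXECUTABLE_EXT]


def triage(raw_headers, attachment, trusted_suffix=TRUSTED_SUFFIX):
    msg = email.message_from_string(raw_headers)
    hop = entry_hop(msg, trusted_suffix) or {}
    claimed = sender_domain(msg)
    return {"claimed_domain": claimed,
            "entry_host": hop.get("rdns") or hop.get("from"),
            "entry_ip": hop.get("ip"),
            "sender_matches_origin": bool(hop) and origin_matches_sender(hop, claimed),
            "executables": executables_in_zip(attachment)}


if __name__ == "__main__":
    for key, value in triage(RAW_HEADERS, build_stand_in_zip()).items():
        print(f"{key}: {value}")
```

Only the Received lines written by your own MTAs are worth anything; the sender controls everything below them. Here the two bottom lines were both written by local hosts and agree on 218.40.209.252, and the Date: (20:26 UTC, 05:26 JST) plus the Outlook Express X-Mailer line fit a single client machine on a consumer line, not a payment processor's mail system. The zip check deliberately reads only the directory, so the member is never written to disk.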
| Antivirus | Version | Update (MM.DD.YYYY) | Result |
|---|---|---|---|
| AntiVir | 6.32.0.6 | 11.04.2005 | TR/FURootkit |
| Avast | 4.6.695.0 | 11.04.2005 | Win32:Goldun-V |
| AVG | 718 | 11.03.2005 | eneric.CYC |
| Avira | 6.32.0.6 | 11.04.2005 | TR/FURootkit |
| BitDefender | 7.2 | 11.04.2005 | Trojan.Spy.Goldun.EA |
| CAT-QuickHeal | 8.00 | 11.03.2005 | TrojanSpy.Goldun.ea |
| ClamAV | devel-20050917 | 11.03.2005 | no virus found |
| DrWeb | 4.33 | 11.03.2005 | Trojan.PWS.GoldSpy |
| eTrust-Iris | 7.1.194.0 | 11.03.2005 | Win32/Essgol.25501!Trojan |
| eTrust-Vet | 11.9.1.0 | 11.04.2005 | Win32.Essgol.R |
| Fortinet | 2.48.0.0 | 11.04.2005 | Spy/Goldun.HB |
| F-Prot | 3.16c | 11.03.2005 | security risk named W32/Goldun.BU@pws |
| Ikarus | 0.2.59.0 | 11.03.2005 | IM-Worm.Win32.Lewor.D |
| Kaspersky | 4.0.2.24 | 11.04.2005 | Trojan-Spy.Win32.Goldun.ea |
| McAfee | 4619 | 11.03.2005 | PWS-Banker.k.gen |
| NOD32v2 | 1.1275 | 11.03.2005 | Win32/Spy.Goldun.EA |
| Norman | 5.70.10 | 11.04.2005 | W32/FURootkit.A |
| Panda | 8.02.00 | 11.03.2005 | Trj/Goldun.CU |
| Sophos | 3.99.0 | 11.04.2005 | Troj/Goldun-AK |
| Symantec | 8.0 | 11.03.2005 | Trojan.Goldun |
| TheHacker | 5.9.1.028 | 11.04.2005 | no virus found |
| VBA32 | 3.10.4 | 11.03.2005 | Trojan-Spy.Win32.Goldun.ea |
Result from the Virus Buster (Trend Micro) online scan:
Pattern file 2.929.00
TSPY_GOLDUN.AN
http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?VName=TSPY_GOLDUN.AN&VSect=T