Today I was hit with a 0-day virus – ZBot/Backdoor.Paproxy or whatever antivirus companies call it.

It came as an e-mail claiming to be from UPS (you can guess now why UPS virus is in quotes) and was a zip file with an executable inside. UPS_INVOICE_978172.zip to be exact, but there are several variants.

What they usually have in common is the subject line: "[RE] UPS Tracking Number" followed by a random number.

Most of the e-mails were detected (as spam) by the antivirus scanner on the mail gateway, but some reached end users.

To be honest, this one was really good at getting them (the users) to open it, and some did…

This was no pleasant experience. Right away the PC rebooted and the trojan was installed.

The other problem was that there were only 2 companies who were able to detect it this morning (the number increased to 13 in the afternoon).

After the updated virus definitions from Symantec were installed, the backdoor was detected and removed.

Lesson learned: NEVER open an executable from an attachment.

Here you can see if your antivirus is up to date with that particular virus.

Another version…

UPDATE: There are new versions not recognized by Symantec yet. So follow the lesson above.
