As everyone knows, no single protection system is 100% - and even with a layered defense, it is possible for a threat to arrive on your PC (or Mac) without detection - the final step between you an POTENTIAL infections, is you!

This very morning, I received just such a threat - it arrives in an email and was not picked up by ESET as an email threat. The email came to a publicly available email address - and it there were some obvious clues that this was not a legitimate email...



Clues in the email:

1. from a company, business, or person we didn't recognize
2. to a publicly available email address we only expect email on a particular topic (and the topic was not correct)
3. a zipped attachment included with the email Next, I opened the .ZIP archive - and I don't necessarily recommend that you do this - you can skip right to sending the suspicious email to ESET, but here is what I found inside the .ZIP archive...



Inside this archive was a program - not a bill, or PDF document (which would not need to be sent inside an archive). This executable file was a HUGE red flag waving at me.

So - it was time to send this to ESET labs - and to let them decide if it was indeed a threat or not...



To send to ESET labs, simply forward the email to "samples@eset.sk" - include a small description of your concerns - explain that you suspect the email contains a threat!

Within a few minutes, I had received a response from ESET, confirming that there was indeed a threat and they would add this to the very next definitions update - this will protect recipients of this same threat as soon as the email is scanned (assuming they have Email scanning turned on).



We are pleased to let you know, that this particular threat was added by ESET labs as:

conEdison-Billing-Summary.exe - Win32/Spy.Zbot.YW trojan - here is the nod32 update that followed the submission.

This entry was posted by Greg Hewitt-Long on Wednesday, January 11. 2012 at 08:44. and is filed under Virus & AntiVirus News.