Worm.Win32.Mabezat – problem winmail.dat

We received a new spam email with the subject "problems" from an unknown sender. The email carried an attachment named winmail.dat.

The body of the email reads:

When I had opened your last email I received some errors have been
saved in the attached file. Please inform me with those errors as soon as possible.

The original file name is outlooklog.rar and compressed by WinRAR no virus found.

Use WinRAR to decompress the file.

Extracting the attachment produced this file:

\Documents and Settings\MyDocuments\Readme.doc .exe
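A gateway-style check for the two tricks visible in this sample, a RAR archive delivered under the name winmail.dat and an extracted file with a padded double extension. This is an added example, not part of the original post; the function names and extension sets are assumptions chosen for illustration, and the sample bytes are constructed.

```python
import re

# A genuine winmail.dat is a TNEF stream; RAR archives start with "Rar!\x1a\x07".
TNEF_MAGIC = bytes.fromhex("789f3e22")  # TNEF signature 0x223E9F78, little-endian
RAR_MAGIC = b"Rar!\x1a\x07"             # shared prefix of RAR 4.x and 5.x headers

# Illustrative extension sets (assumptions, extend for your environment).
DECOY_EXTS = {"doc", "docx", "xls", "pdf", "txt", "rtf", "jpg"}
EXEC_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}

def sniff_container(data: bytes) -> str:
    """Identify the attachment by its leading bytes, ignoring its file name."""
    if data.startswith(TNEF_MAGIC):
        return "tnef"
    if data.startswith(RAR_MAGIC):
        return "rar"
    return "unknown"

def check_attachment(name: str, data: bytes) -> list[str]:
    """Flag an attachment called winmail.dat whose content is not TNEF."""
    kind = sniff_container(data)
    if name.lower() == "winmail.dat" and kind != "tnef":
        return [f"winmail.dat is not TNEF (content type: {kind})"]
    return []

def check_member_name(path: str) -> list[str]:
    """Flag names like 'Readme.doc .exe': decoy extension, then executable one."""
    base = re.split(r"[\\/]", path)[-1]
    m = re.search(r"\.(\w+)(\s*)\.(\w+)\s*$", base)
    if not m or m.group(1).lower() not in DECOY_EXTS \
            or m.group(3).lower() not in EXEC_EXTS:
        return []
    findings = [f"decoy .{m.group(1)} before executable .{m.group(3)}"]
    if m.group(2):
        findings.append("whitespace padding between the two extensions")
    return findings

if __name__ == "__main__":
    # Constructed sample: RAR header bytes under the name winmail.dat.
    fake = RAR_MAGIC + b"\x00" + b"constructed-sample"
    print(check_attachment("winmail.dat", fake))
    print(check_member_name(r"\Documents and Settings\MyDocuments\Readme.doc .exe"))
```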

Screenshot winmail.dat

Report from the virus scanner:

Report Generated: 25.4.2009 at 14.30.44 (GMT 1)
File Name: Readme.doc.exe
File Size: 107 KB
MD5 Hash: FFF3D04DEEA479E4B20326E2F064C5D9
SHA1 Hash: 6706D9D75527CCB81F987ED695CCE8E496A57531
Detection Rate: 23 on 23 (100 %)
| Antivirus | Sig version | Engine Version | Result |
|---|---|---|---|
| a-squared | 23/04/2009 | | Worm.Win32.Mabezat.b!IK |
| Avira AntiVir | | | Worm/Mabezat.b |
| Avast | 090423-0 | 4.8.1229 | Win32:Mabezat |
| AVG | 270.12.4/2079 | | Worm/Generic.EDT |
| BitDefender | 25/04/2009 | | Win32.Worm.Mabezat.J |
| ClamAV | 23/04/2009 | | W32.Mabezat-2 |
| Comodo | 1127 | 3.8 | Worm.Win32.Mabezat.b |
| Dr.Web | 25/04/2009 | 5.0 | Win32.HLLW.Tazebama |
| Ewido | 25/04/2009 | | Worm.Mabezat.b |
| F-PROT 6 | 20090424 | | W32/Worm!a69a |
| G DATA | 19.3655 | 2.0.7309.847 | Worm.Win32.Mabezat.b A |
| IkarusT3 | 23/04/2009 | 1001044 | Worm.Win32.Mabezat.b |
| Kaspersky | 25/04/2009 | | Worm.Win32.Mabezat.b |
| McAfee | 23/04/2009 | | W32/Mabezat virus |
| Malware Hash Registry | 25/04/2009 | | N/A detect rate 86% |
| NOD32 v3 | 4035 | 3.0.677 | Win32/Mabezat.A virus |
| Norman | 2009/04/24 | 5.92.08 | Virus Mabezat.B |
| Panda | 07/02/2009 | | W32/Mabezat.C.worm |
| QuickHeal | 25 April, 2009 | 10.0 | W32.Mabezat.Dr |
| Sophos | 25/04/2009 | 4.32.0 | W32/Mabezat-B |
| TrendMicro | 981(598100) | 1.1-1001 | PE_MABEZAT.B-O |
| VBA32 | 25/04/2009 | | Worm.Win32.Mabezat.b |
| VirusBuster | 10.105.4 | 1.4.3 | Worm.Mabezat.A |

For an analysis of the malware's activity, see this article:
PROHIBITED_MATRIMONY.rar Spam = Worm.Win32.Mabezat
