In the past 2 days, we have noted a number of ‘questionable’ files that weren’t flagged as being a virus or malware but exhibited behavior that led us to believe that they were. We submitted samples to ESET and received the response below this morning. I suspect that the signatures will make it’s way into most major antivirus products by days end but, until that time, you may be left unprotected. We have been able to get these files through gateway security devices, email malware scanners and local antivirus scanners, even running explicit scans on the files. They files have been delivered via email as Airline tickets (claiming that we purchased them) and UPS and USPS tracking information. If you receive any such notifications, please confirm that the reported sender sent them prior to opening them. Actual payload at this time is still undetermined.
Forward this email to friends and family and encourage them to update their antivirus regularly over the next day or two.
Thank you for your submission.
The detection for this threat will be included in our next signature update.
AA_Ticket_Print_Document.exe – Win32/TrojanDownloader.Zortob.B trojan
ESET Malware Response Team