Friday, 19 February 2010

Yahoo virus scan for attachments still brittle

The best malware scanner exists between keyboard and chair - I hope so at least. As I wrote some weeks ago, Yahoo has serious trouble with their virus scanner, which automatically scans all attachments before they are allowed for download. In general, I think this mechanism is quite a good idea - as long as it does what it is supposed to do. Instead, I got the impression that Yahoo's scanner is not much more than a window that automatically pops up when you press the "download attachment" button, telling you that everything is all right and thus giving you a good feeling. The sad thing is that feeling good is not worth much in security. Either a piece of software is dangerous or not - regardless of what you feel.

That's what I thought when today I received this mail:

Your order has been paid! Parcel NR.4178.
Friday, 19 February 2010, 20:59:33
From:
Amazon Support Janette Akins
To: (erased)


Postal_package_NR624.zip (44KB)
Hello!

Thank you for shopping at Amazon.com
We have successfully received your payment.

Your order has been shipped to your billing address.
You have ordered " HP W2338H "

You can find your tracking number in attached to the e-mail document.
Print the postal label to get your package.


We hope you enjoy your order!
Amazon.com

The thing was quite clear in my eyes. I am no Amazon customer, and the mail wasn't even addressed to me. Of course, I didn't expect Yahoo to reveal the attachment's true nature, but I thought that the usual virus scanners should raise an alert.

Dr Web didn't.

Neither did Antivir, Avast, AVG and several famous antivirus laboratories. When I scanned the file at 20 h GMT, only 7 out of 41 scanners were able to detect the malicious content.

This quite puzzles me; I didn't think that the big players react that slowly.

http://www.virustotal.com/analisis/92264ce207d1a341469e4c191d1a4eb093776f9ad236855ebe4d534e8da43cfb-1266605153
