There is a new malware that is being distributed in Australia via health insurance spam in a spreadsheet (.xls) which contains the Ursnif spyware. Do not rely upon health information from email/web. You should get this information from local/national authorities or health departments. Below is a HDB signature for this malware.

Copy the HDB signature to a Notepad file and save it in the ClamWin db program data folder, or add the signature to an existing HDB file if you already have it there. Do not save the file with a .txt or .text extension on the end of the name. Save the file as Sigfile.hdb. Select file type All Files to prevent the .txt or .text at the end of the filename. ClamWin is unable to recognize a text file as a signature. After saving the file, scan something with ClamWin to make sure the signature works--delete the signature file if it does not.

Signatures may last for one week or longer depending upon how lazy the malware authors are about changing their version.

Regards,

4c7e8031a16cb670e20dcab4aadb4f57:285184:Win.Trojan.Spy.Ursnif-042120-1111