There is a new campaign to distribute Qbot and Lokibot malware targeting Excel on computers. Below are some (not all) HDB signatures for the malware. Copy each signature to a separate line in a new Notepad or similar text writer file, and then save the file as a file named Sigfile.hdb with a file type of “All Files” in the ClamWin database folder. Make sure the system does not name it with a .txt or .text extension on the end of the file name. ClamWin can not process signature files with those 2 extensions, and it will give you an error upon scanning. The file should be named only Sigfile.hdb.

After you save the signature file, scan a file somewhere with ClamWin to make sure the signatures work okay—sometimes I can make a mistake. If the scan gives you an error, delete this signature file from the database folder . You can add the signatures to the top of an already existing HDB signature file (just add a blank line and put the signatures there—any lines needed will be added. If you add to the bottom of an existing HDB file, you will get a scanning error.

These custom signatures will last for about a month. Delete them from the database folder after that.

0dc402a72f0a963d5ab34f2981ad75ef:148959:Office.Trojan.Squiblydoo-021022.1513
940217c5a3e41aa24b3b6c44c80d4b12:29449:Office.Trojan.Squiblydoo-021022.1519
a342af2e40255e71a880ea25d17bb4fb:29770:Office.Trojan.Squiblydoo-021022.1521
c42598d9ac9706b38a48ef7b89bed705:1160517:Office.Trojan.Squiblydoo-021022.1524
abebd0ed6fd6c71bf1593efc5eb3312f:772969:Office.Trojan.Squiblydoo-021022.1526

Regards,