New round of infected emails!

Triple Helix · #1 August 19th, 2010, 11:19 PM

Scan from a Xerox WorkCentre Pro #1471642

VT results 12/42

TH

Name: Capture19-08-2010-10.59.47 PM.jpg
Views: 593
Size: 60.3 KB

JRViejo · #2 August 19th, 2010, 11:34 PM

TH, just received Print_document2938.zip. VT was 13/42 and virSCAN (8/36). Submitted the sample to Microsoft because MSE did not detect it.

Triple Helix · #3 August 19th, 2010, 11:38 PM

Quote:

Originally Posted by JRViejo

TH, just received Print_document2938.zip. VT was 13/42 and virSCAN (8/36). Submitted the sample to Microsoft because MSE did not detect it.

My ISP uses Norton so it got pass that and at this time Prevx doesn't detect nor does VIPRE or ESET on my VM's but I sent in the sample to them!

TH

JRViejo · #4 August 19th, 2010, 11:42 PM

Actually, my ISP caught it, however, I DL it to see if MSE would catch it. I was surprised to see in both VT & VS that ClamAV nailed it!

Triple Helix · #5 August 19th, 2010, 11:47 PM

We have a continuing thread going on at CoU about infected emails: http://www.calendarofupdates.com/upd...0&#entry109100

And a story here: http://news.softpedia.com/news/Fake-...n-147954.shtml

TH

JRViejo · #6 August 20th, 2010, 02:58 PM

MSE virus/spyware definition 1.89.42.0, dated 8/20/2010 at 2:48 am., caught my zipped file, during an individual file scan.

Microsoft is calling it Trojan:Win32/Meredrop, due to the Print_document_Nr195FH.exe inside the zipped file.

Triple Helix · #7 August 24th, 2010, 07:35 AM

Got another from supposed Fedex this time!

VirusTotal Results: 12/42 at the time of this post!

TH

Name: Capture24-08-2010-7.19.32 AM.jpg
Views: 386
Size: 52.6 KB

Name: Capture24-08-2010-7.19.32 AM.jpg
Views: 386
Size: 52.6 KB

JRViejo · #8 August 24th, 2010, 01:40 PM

TH, looks like you and I are receiving the same junk.

Just got FEDEXInvoiceEE023812OP.zip. VT (14/40) and virSCAN (7/36). Submitted the sample to Microsoft because MSE did not detect it.

Triple Helix · #9 August 24th, 2010, 04:56 PM

Quote:

Originally Posted by JRViejo

TH, looks like you and I are receiving the same junk.

Just got FEDEXInvoiceEE023812OP.zip. VT (14/40) and virSCAN (7/36). Submitted the sample to Microsoft because MSE did not detect it.

Hi JR,

My ISP uses Yahoo for there Email so that could be why for me and Yahoo uses Norton and that didn't stop it!

TH

Ibrad · #10 August 24th, 2010, 05:09 PM

I must be lucky because I have never received a email with a virus attached.

JRViejo · #11 August 24th, 2010, 06:12 PM

MSE virus/spyware definition 1.89.283.0, dated 8/24/2010 at 10:12 am., caught this FedEx zipped file, during an individual file scan.

Microsoft is calling it TrojanDropper:Win32/Oficla.T, due to the FedexInvoice_EE776129.exe inside the zipped file.

Dermot7 · #12 August 29th, 2010, 06:58 PM

From M86 Labs blog: "Over the past few days the Asprox botnet has been spamming out a fake FedEx campaign. We noticed this after we saw our old Asprox binaries downloading a new updated "196" version from the bot's command and control server.":
http://labs.m86security.com/2010/08/...asprox-binary/

Triple Helix · #13 September 1st, 2010, 09:38 AM

Got another one today from so called Fedex! VT results at time of post 6/43

TH

Name: Capture01-09-2010-9.13.40 AM.jpg
Views: 127
Size: 42.5 KB

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search