McAfee and sample submissions

Discussion in 'other anti-virus software' started by EliteKiller, Feb 9, 2010.

Thread Status:
Not open for further replies.
  1. EliteKiller, Registered Member (Joined: Jan 18, 2007; Posts: 1,138; Location: TX)

    This morning a co-worker received an email from DHL with an attachment. The attachment was titled "UPS_Print_Label_912.zip" and inside was an executable with an icon of a MS Word document. At the time neither Prevx 3.0, MBAM, nor Panda Cloud was detecting anything malicious. I uploaded it to VirusTotal and someone else had already uploaded it a few hours earlier. At the time only 15/40 were able to detect it. I decided to submit the sample to several companies, one of them being McAfee, as a password-protected zip renamed to .zi_p in order to pass through Gmail. I even tested the file before submitting to make sure you would be prompted for a password upon opening the file.

    McAfee Labs - Beaverton replied:

    I can only assume the "bot" was unable to process the file since the extension was renamed. Even then it should be passed on to a real analyst for further inspection. Has anyone else had issues submitting samples to McAfee?
     
  2. lordpake, Registered Member (Joined: Aug 7, 2004; Posts: 563; Location: Helsinki ~ European Union)
  3. marciocruz, Registered Member (Joined: May 7, 2008; Posts: 256)

    Can send sample via e-mail

    Virus_Research @ avertlabs.com

    Zip the file, and use "infected" as pass.
     
  4. fcukdat, Registered Member (Joined: Feb 20, 2005; Posts: 569; Location: England, UK)

    Hi Elite,

    MBAM won't unpack zipped folders to sniff the file inside.

    If you custom scanned the extracted file and we did not detect the malicious code, can you please upload @ the MBAM research center and I will make sure it's attended to quickly.
    http://forums.malwarebytes.org/index.php?showforum=51

    Thanks in advance :)
     
  5. EliteKiller, Registered Member (Joined: Jan 18, 2007; Posts: 1,138; Location: TX)

    Sorry for not clarifying in my original post, but that is the address I sent it to.

    Howdy. :) I unzipped and scanned the actual .exe Tuesday morning with MBAM, which came up clean. I uploaded the .zip to
    http://uploads.malwarebytes.org/ (which is now offline) and scanned it a few minutes ago.

    Malwarebytes' Anti-Malware 1.44
    Database version: 3721
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2/11/2010 12:40:26 PM
    mbam-log-2010-02-11 (12-40-26).txt

    Files Infected:
    c:\documents and settings\texascom\desktop\ups_print_label_912\UPS_Print_Label_912.exe (Trojan.Sasfis) -> Quarantined and deleted successfully.

    :thumb:
     