Malware undetected by many major AVs

Discussion in 'malware problems & news' started by softtouch, Nov 17, 2009.

Thread Status:
Not open for further replies.
  1. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    Got an email with an attachment multiple times today.
    The email text is:

    "We are contacting you in regards to an unusual activity that was identified in your mailbox. As a result, your mailbox has been deactivated. To restore your mailbox, you are required to extract and run the attached mailbox utility."

    Extracting the zip reveals a "utility.exe"

    I sent it to VT, and most major or well-known AVs did not detect it; this includes AVG, NOD32, BitDefender, MSE, F-Prot, McAfee, Panda, PCTools and many more.
     
    Last edited: Nov 17, 2009
  2. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    avast! flagged it as INFECTED and stopped it from downloading when MailWasherPro was checking for email messages...

    Event Type: Warning
    Event Source: avast!
    Event Category: Client
    Event ID: 90
    Date: 11/16/2009
    Time: 7:59:04 PM
    User: N/A
    Computer: NAME
    Description:
    Sign of "Win32:Trojan-gen" has been found in "Incoming email 'your mailbox has been deactivated' From: "alert@_________" <alert@________>, To: <onecal5@________>\utility.zip#621716327\utility.exe" file.
     
  3. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    98,062
    Location:
    U.S.A.
    softtouch, Wilders is not a malware trading forum. Be a good Samaritan and send the file to those companies who did not detect the infection.

    JR
     
  4. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    Thanks, I did...
     
  5. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    After submitting it to the AV companies, MSE detects it now, guess others do too. Problem solved (for now)
     