Malware undetected by many major AVs

Discussion in 'malware problems & news' started by softtouch, Nov 17, 2009.

Thread Status:
Not open for further replies.
  1. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    Today I received, multiple times, an email with an attachment.
    The email text is:

    "We are contacting you in regards to an unusual activity that was identified in your mailbox. As a result, your mailbox has been deactivated. To restore your mailbox, you are required to extract and run the attached mailbox utility."

    Extracting the zip reveals a "utility.exe".

    I sent it to VT, and most major or well-known AVs did not detect it; this includes AVG, NOD32, BitDefender, MSE, F-Prot, McAfee, Panda, PC Tools and many more.
     
    Last edited: Nov 17, 2009
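The lure described in this post (a "mailbox deactivated" message whose zip attachment carries an executable) is exactly the shape a mail gateway can flag before any signature exists. The following is an added example, not code from the thread or from any of the AV vendors named above: it builds a constructed message modelled on the quoted email, then inspects it for lure phrases and for executables hidden inside archive attachments. The sender and recipient addresses, the `LURE_PHRASES` list and the fake two-byte `MZ` stub are assumptions made for the example.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions that should never arrive inside a mailed archive at a typical org.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Phrases taken from the lure quoted in the thread; extend from your own samples.
LURE_PHRASES = ("mailbox has been deactivated", "run the attached")


def build_sample_eml(with_attachment: bool = True) -> bytes:
    """Construct a sample .eml resembling the thread's lure (constructed data)."""
    msg = EmailMessage()
    msg["From"] = "alert@example.invalid"        # constructed placeholder
    msg["To"] = "user@example.invalid"           # constructed placeholder
    msg["Subject"] = "your mailbox has been deactivated"
    msg.set_content(
        "We are contacting you in regards to an unusual activity that was "
        "identified in your mailbox. As a result, your mailbox has been "
        "deactivated. To restore your mailbox, you are required to extract "
        "and run the attached mailbox utility."
    )
    if with_attachment:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            # Fake PE header only ("MZ" + padding); this is not a real program.
            zf.writestr("utility.exe", b"MZ" + b"\x00" * 62)
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="zip", filename="utility.zip")
    return bytes(msg)


def _executables_in_zip(name: str, payload: bytes) -> list:
    """Return 'attachment:member' labels for zip members that look executable."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            for info in zf.infolist():
                ext = os.path.splitext(info.filename)[1].lower()
                with zf.open(info) as fh:
                    head = fh.read(2)   # PE files start with "MZ" regardless of name
                if ext in EXECUTABLE_EXTS or head == b"MZ":
                    hits.append(f"{name}:{info.filename}")
    except zipfile.BadZipFile:
        # An unreadable archive is itself suspicious; surface it rather than skip it.
        hits.append(f"{name}:<unreadable zip>")
    return hits


def inspect_message(raw: bytes) -> dict:
    """Score one raw RFC 822 message for the lure pattern and archived executables."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body is not None else ""
    lure_hits = [p for p in LURE_PHRASES if p in text]

    archived_exes = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        if payload[:2] == b"PK":            # zip magic, independent of declared type
            archived_exes.extend(_executables_in_zip(name, payload))

    return {
        "lure_phrases": lure_hits,
        "executables_in_archives": archived_exes,
        # Quarantine on the archive finding alone; lure text only raises the score.
        "quarantine": bool(archived_exes),
    }


if __name__ == "__main__":
    print(inspect_message(build_sample_eml()))
    print(inspect_message(build_sample_eml(with_attachment=False)))
```

The check keys on the content ("MZ" magic inside the archive) rather than only on the file name, so renaming the member to `utility.exe.txt` or `utility.pdf` does not evade it; the message without the attachment is reported but not quarantined, which keeps the rule from blocking legitimate account notices that merely use similar wording.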
  2. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    avast! flagged it as INFECTED and stopped it from downloading when MailWasherPro was checking for email messages...

    Event Type: Warning
    Event Source: avast!
    Event Category: Client
    Event ID: 90
    Date: 11/16/2009
    Time: 7:59:04 PM
    User: N/A
    Computer: NAME
    Description:
    Sign of "Win32:Trojan-gen" has been found in "Incoming email 'your mailbox has been deactivated' From: "alert@_________" <alert@________>, To: <onecal5@________>\utility.zip#621716327\utility.exe" file.
     
  3. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,922
    Location:
    U.S.A.
    softtouch, Wilders is not a malware trading forum. Be a good Samaritan and send the file to those companies who did not detect the infection.

    JR
     
  4. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    Thanks, I did...
     
  5. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    After submitting it to the AV companies, MSE detects it now; I guess others do too. Problem solved (for now).
     