McAfee and sample submissions

Discussion in 'other anti-virus software' started by EliteKiller, Feb 9, 2010.

Thread Status:
Not open for further replies.
  1. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    This morning a co-worker received an email from DHL with an attachment. The attachment was titled "UPS_Print_Label_912.zip" and inside was an executable with an icon of a MS Word document. At the time neither Prevx 3.0, MBAM, nor Panda Cloud was detecting anything malicious. I uploaded it to VirusTotal and someone else had already uploaded it a few hours ago. At the time only 15/40 were able to detect it. I decided to submit the sample to several companies, one of them being McAfee, as a password-protected zip renamed to .zi_p in order to pass through Gmail. I even tested the file before submitting to make sure you would be prompted for a password upon opening the file.

    McAfee Labs - Beaverton replied:

    I can only assume the "bot" was unable to process the file since the extension was renamed. Even then it should be passed on to a real analyst for further inspection. Has anyone else had issues submitting samples to McAfee?
     
  2. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
  3. marciocruz

    marciocruz Registered Member

    Joined:
    May 7, 2008
    Posts:
    249
    You can send a sample via e-mail:

    Virus_Research @ avertlabs.com

    Zip the file, and use "infected" as the password.
     
  4. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Hi Elite,

    MBAM won't unpack zipped folders to sniff the file inside.

    If you custom scanned the extracted file and we did not detect the malicious code, can you please upload it @ the MBAM research center and I will make sure it's attended to quickly.
    http://forums.malwarebytes.org/index.php?showforum=51

    Thanks in advance :)
     
  5. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    Sorry for not clarifying in my original post, but that is the address I sent it to.

    Howdy. :) I unzipped and scanned the actual .exe Tuesday morning with MBAM, which came up clean. I uploaded the .zip to
    http://uploads.malwarebytes.org/ (which is now offline) and scanned it a few minutes ago.

    Malwarebytes' Anti-Malware 1.44
    Database version: 3721
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2/11/2010 12:40:26 PM
    mbam-log-2010-02-11 (12-40-26).txt

    Files Infected:
    c:\documents and settings\texascom\desktop\ups_print_label_912\UPS_Print_Label_912.exe (Trojan.Sasfis) -> Quarantined and deleted successfully.

    :thumb:
     