New round of infected emails!

Discussion in 'malware problems & news' started by Triple Helix, Aug 19, 2010.

Thread Status:
Not open for further replies.
  1. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Scan from a Xerox WorkCentre Pro #1471642

    VT results 12/42

    TH

    Capture19-08-2010-10.59.47 PM.jpg
     
  2. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,922
    Location:
    U.S.A.
    TH, just received Print_document2938.zip. VT was 13/42 and virSCAN (8/36). Submitted the sample to Microsoft because MSE did not detect it.
     
  3. Triple Helix

    My ISP uses Norton, so it got past that, and at this time Prevx doesn't detect it, nor does VIPRE or ESET on my VMs, but I sent in the sample to them!

    TH
     
  4. JRViejo

    Actually, my ISP caught it; however, I DL'd it to see if MSE would catch it. I was surprised to see in both VT & VS that ClamAV nailed it! o_O
     
  5. Triple Helix

  6. JRViejo

    MSE virus/spyware definition 1.89.42.0, dated 8/20/2010 at 2:48 a.m., caught my zipped file during an individual file scan.

    Microsoft is calling it Trojan:Win32/Meredrop, due to the Print_document_Nr195FH.exe inside the zipped file.
     
  7. Triple Helix

    Got another from supposed Fedex this time!

    VirusTotal Results: 12/42 at the time of this post!

    TH

    Capture24-08-2010-7.19.32 AM.jpg
     
  8. JRViejo

    TH, looks like you and I are receiving the same junk. :ouch:

    Just got FEDEXInvoiceEE023812OP.zip. VT (14/40) and virSCAN (7/36). Submitted the sample to Microsoft because MSE did not detect it.
     
  9. Triple Helix

    Hi JR,

    My ISP uses Yahoo for their email, so that could be why for me, and Yahoo uses Norton and that didn't stop it! o_O

    TH
     
  10. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,949
    I must be lucky because I have never received an email with a virus attached.
     
  11. JRViejo

    MSE virus/spyware definition 1.89.283.0, dated 8/24/2010 at 10:12 a.m., caught this FedEx zipped file during an individual file scan.

    Microsoft is calling it TrojanDropper:Win32/Oficla.T, due to the FedexInvoice_EE776129.exe inside the zipped file.
     
  12. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
  13. Triple Helix

    Got another one today from so-called Fedex! VT results at time of post 6/43

    TH

    Capture01-09-2010-9.13.40 AM.jpg
     