New round of infected emails!

Discussion in 'malware problems & news' started by Triple Helix, Aug 19, 2010.

Thread Status:
Not open for further replies.
  1. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,559
    Location:
    Ontario, Canada
    Scan from a Xerox WorkCentre Pro #1471642

    VT results 12/42

    TH

    Capture19-08-2010-10.59.47 PM.jpg
     
  2. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    27,009
    Location:
    U.S.A.
    TH, just received Print_document2938.zip. VT was 13/42 and virSCAN (8/36). Submitted the sample to Microsoft because MSE did not detect it.
     
  3. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,559
    Location:
    Ontario, Canada
    My ISP uses Norton so it got pass that and at this time Prevx doesn't detect nor does VIPRE or ESET on my VM's but I sent in the sample to them!

    TH
     
  4. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    27,009
    Location:
    U.S.A.
    Actually, my ISP caught it, however, I DL it to see if MSE would catch it. I was surprised to see in both VT & VS that ClamAV nailed it! o_O
     
  5. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,559
    Location:
    Ontario, Canada
  6. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    27,009
    Location:
    U.S.A.
    MSE virus/spyware definition 1.89.42.0, dated 8/20/2010 at 2:48 am., caught my zipped file, during an individual file scan.

    Microsoft is calling it Trojan:Win32/Meredrop, due to the Print_document_Nr195FH.exe inside the zipped file.
     
  7. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,559
    Location:
    Ontario, Canada
    Got another from supposed Fedex this time!

    VirusTotal Results: 12/42 at the time of this post!

    TH

    Capture24-08-2010-7.19.32 AM.jpg
     
  8. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    27,009
    Location:
    U.S.A.
    TH, looks like you and I are receiving the same junk. :ouch:

    Just got FEDEXInvoiceEE023812OP.zip. VT (14/40) and virSCAN (7/36). Submitted the sample to Microsoft because MSE did not detect it.
     
  9. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,559
    Location:
    Ontario, Canada
    Hi JR,

    My ISP uses Yahoo for there Email so that could be why for me and Yahoo uses Norton and that didn't stop it! o_O

    TH
     
  10. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,959
    I must be lucky because I have never received a email with a virus attached.
     
  11. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    27,009
    Location:
    U.S.A.
    MSE virus/spyware definition 1.89.283.0, dated 8/24/2010 at 10:12 am., caught this FedEx zipped file, during an individual file scan.

    Microsoft is calling it TrojanDropper:Win32/Oficla.T, due to the FedexInvoice_EE776129.exe inside the zipped file.
     
  12. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,311
    Location:
    Surrey, England.
  13. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,559
    Location:
    Ontario, Canada
    Got another one today from so called Fedex! VT results at time of post 6/43

    TH

    Capture01-09-2010-9.13.40 AM.jpg
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.