New round of infected emails!

Triple Helix · Aug 19, 2010

Scan from a Xerox WorkCentre Pro #1471642

VT results 12/42

TH

JRViejo · Aug 19, 2010

TH, just received Print_document2938.zip. VT was 13/42 and virSCAN (8/36). Submitted the sample to Microsoft because MSE did not detect it.

Triple Helix · Aug 19, 2010

JRViejo said:

TH, just received Print_document2938.zip. VT was 13/42 and virSCAN (8/36). Submitted the sample to Microsoft because MSE did not detect it.
Click to expand...

My ISP uses Norton so it got pass that and at this time Prevx doesn't detect nor does VIPRE or ESET on my VM's but I sent in the sample to them!

TH

JRViejo · Aug 19, 2010

Actually, my ISP caught it, however, I DL it to see if MSE would catch it. I was surprised to see in both VT & VS that ClamAV nailed it!

Triple Helix · Aug 19, 2010

We have a continuing thread going on at CoU about infected emails: http://www.calendarofupdates.com/updates/index.php?showtopic=30516&pid=109100&st=40&#entry109100

And a story here: http://news.softpedia.com/news/Fake-Xerox-WorkCentre-Pro-Scans-Hide-Trojan-147954.shtml

TH

JRViejo · Aug 20, 2010

MSE virus/spyware definition 1.89.42.0, dated 8/20/2010 at 2:48 am., caught my zipped file, during an individual file scan.

Microsoft is calling it Trojan:Win32/Meredrop, due to the Print_document_Nr195FH.exe inside the zipped file.

Triple Helix · Aug 24, 2010

Got another from supposed Fedex this time!

VirusTotal Results: 12/42 at the time of this post!

TH

JRViejo · Aug 24, 2010

TH, looks like you and I are receiving the same junk.

Just got FEDEXInvoiceEE023812OP.zip. VT (14/40) and virSCAN (7/36). Submitted the sample to Microsoft because MSE did not detect it.

Triple Helix · Aug 24, 2010

JRViejo said:

TH, looks like you and I are receiving the same junk.

Just got FEDEXInvoiceEE023812OP.zip. VT (14/40) and virSCAN (7/36). Submitted the sample to Microsoft because MSE did not detect it.
Click to expand...

Hi JR,

My ISP uses Yahoo for there Email so that could be why for me and Yahoo uses Norton and that didn't stop it!

TH

Ibrad · Aug 24, 2010

I must be lucky because I have never received a email with a virus attached.

JRViejo · Aug 24, 2010

MSE virus/spyware definition 1.89.283.0, dated 8/24/2010 at 10:12 am., caught this FedEx zipped file, during an individual file scan.

Microsoft is calling it TrojanDropper:Win32/Oficla.T, due to the FedexInvoice_EE776129.exe inside the zipped file.

Dermot7 · Aug 29, 2010

From M86 Labs blog: "Over the past few days the Asprox botnet has been spamming out a fake FedEx campaign. We noticed this after we saw our old Asprox binaries downloading a new updated "196" version from the bot's command and control server.":
http://labs.m86security.com/2010/08/fedex-spam-seeding-new-asprox-binary/

Triple Helix · Sep 1, 2010

Got another one today from so called Fedex! VT results at time of post 6/43

TH

Log in or Sign up

New round of infected emails!

Triple Helix Specialist

JRViejo Super Moderator

Triple Helix Specialist

JRViejo Super Moderator

Triple Helix Specialist

JRViejo Super Moderator

Triple Helix Specialist

JRViejo Super Moderator

Triple Helix Specialist

Ibrad Registered Member

JRViejo Super Moderator

Dermot7 Registered Member

Triple Helix Specialist

Log in or Sign up

New round of infected emails!

Triple Helix Specialist

JRViejo Super Moderator

Triple Helix Specialist

JRViejo Super Moderator

Triple Helix Specialist

JRViejo Super Moderator

Triple Helix Specialist

JRViejo Super Moderator

Triple Helix Specialist

Ibrad Registered Member

JRViejo Super Moderator

Dermot7 Registered Member

Triple Helix Specialist

Useful Searches