Spam Filter ISP Support Forum


Virus - Trojan Downloader

segamegadave (Newbie, joined 12 January 2011)
Posted: 22 November 2011 at 12:12pm
Spamfilter Version 4.2.4.843 with Norman AV (up to date)

Hi, we have recently had reports of several end users receiving emails with zip files attached. These emails pose as the Postal Service or an Airline with important details attached.

The zip file attached contains what Kaspersky describes as http://www.securelist.com/en/find?words=Trojan-Downloader.Win32.Injecter.hdu

For some reason or another they are bypassing the Spamfilter and AV altogether.

Is this happening to anyone else? Is there anything we can check/do?


lyndonje (Senior Member, joined 31 January 2006, United Kingdom)
Posted: 06 December 2011 at 9:39am
Hi Roberto,

Any chance we could get a response to this? Norman AV/SpamFilter letting through potential viruses is pretty serious....?

Thanks,
Lyndon.

LogSat (Admin Group, joined 25 January 2005, United States)
Posted: 06 December 2011 at 5:57pm
Without receiving specific email samples it's hard to give an accurate answer. There are many antivirus vendors out there, and new viruses are detected by various products after various time delays. Some may catch them sooner one day, and later another, depending on when their AV teams are able to identify the virus fingerprint.

If you can provide us with one or more such emails to support at logsat.com we'll be glad to take a look.
Roberto Franceschetti

LogSat Software

Spam Filter ISP

jerbo128 (Senior Member, joined 06 March 2006)
Posted: 07 December 2011 at 11:49am
I'm sending one now. Norman is still allowing this through as of today. SFE quarantined this particular one, but due to an IP blacklist.
In fact I came to the forum because I couldn't find the area in the spamfilter.ini to block attachments by ext for this very issue. Just happened to see this post.


Edited by jerbo128 - 07 December 2011 at 11:54am

LogSat (Admin Group, joined 25 January 2005, United States)
Posted: 07 December 2011 at 9:19pm
jerbo128,

We received your email with a sample, but unfortunately the source of the email is malformed (there are no CRLF sequences to separate the individual lines) so the email is unreadable.

In the meantime, we received two other samples with infected files earlier today. One of them - AA_Ticket_#2646.zip file (identified as "W32/Suspicious_Gen2.RVKPW") is being correctly blocked by SpamFilter, although the original infected email was received 3 days ago, and at that time Norman did not have AV definitions for that virus yet.

The other sample file "Delivery_information.exe" we received was indeed infected, but is not currently being detected as malicious by Norman. We submitted the sample to them immediately so a new set of definitions should be available within 24 hours to detect it. As a side-note, some other AV vendors like Avast, Symantec and TrendMicro are also unable to detect that strain as well.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
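
An added example, not part of the thread and not LogSat's or SpamFilter's code: a signature-independent check of the kind jerbo128 asks about, flagging attachments (and members of ZIP attachments) by extension so a message can be held even before AV definitions exist. The extension list, function names and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy list (not from the thread); tune it for your own site.
BLOCKED_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")

def is_blocked(name):
    # Trailing dots/spaces are stripped because Windows ignores them on open.
    return name.lower().rstrip(". ").endswith(BLOCKED_EXT)

def risky_attachments(raw):
    """Return (attachment, zip_member_or_None) pairs that violate the policy."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if is_blocked(fname):
            hits.append((fname, None))
            continue
        data = part.get_payload(decode=True) or b""
        if not data.startswith(b"PK"):      # only ZIP containers are opened
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # Member names are listed without extracting or running anything.
                hits += [(fname, m) for m in zf.namelist() if is_blocked(m)]
        except zipfile.BadZipFile:
            hits.append((fname, "<unreadable zip>"))  # fail closed
    return hits

def build_sample(member):
    """Constructed test message: a ZIP holding one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder bytes, not a real program")
    msg = EmailMessage()
    msg["Subject"] = "Your ticket (constructed sample)"
    msg.set_content("Details attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="ticket.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(risky_attachments(build_sample("ticket.pdf.exe")))
    print(risky_attachments(build_sample("itinerary.txt")))
```

The check keys on the container's magic bytes rather than the attachment's declared name, so a ZIP sent under another extension is still inspected.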