Virus - Trojan Downloader
segamegadave
Newbie Joined: 12 January 2011 Status: Offline Points: 1 |
Posted: 22 November 2011 at 12:12pm |
Spamfilter Version 4.2.4.843 with Norman AV (up to date)
Hi, we have recently had reports of several end users receiving emails with zip files attached. These emails pose as the Postal Service or an Airline with important details attached. The zip file attached contains what Kaspersky describes as http://www.securelist.com/en/find?words=Trojan-Downloader.Win32.Injecter.hdu For some reason or another they are bypassing the Spamfilter and AV altogether. Is this happening to anyone else? Is there anything we can check/do?
lyndonje
Senior Member Joined: 31 January 2006 Location: United Kingdom Status: Offline Points: 192 |
Hi Roberto,
Any chance we could get a response to this? Norman AV/SpamFilter letting through potential viruses is pretty serious....? Thanks, Lyndon.
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Without receiving specific email samples it's hard to give an accurate answer. There are many antivirus vendors out there, and new viruses are detected by various products after various time delays. Some may catch them sooner one day, and later another, depending on when their AV teams are able to identify the virus fingerprint.
If you can provide us with one or more such emails to support at logsat.com we'll be glad to take a look.
jerbo128
Senior Member Joined: 06 March 2006 Status: Offline Points: 178 |
I'm sending one now; Norman is still allowing this through as of today. SFE quarantined this particular one, but due to an IP blacklist.
In fact I came to the forum because I couldn't find the area in the spamfilter.ini to block attachments by ext for this very issue. Just happened to see this post.
Edited by jerbo128 - 07 December 2011 at 11:54am |
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
jerbo128,
We received your email with a sample, but unfortunately the source of the email is malformed (there are no CRLF sequences to separate the individual lines) so the email is unreadable. In the meantime, we received two other samples with infected files earlier today. One of them, the AA_Ticket_#2646.zip file (identified as "W32/Suspicious_Gen2.RVKPW"), is being correctly blocked by SpamFilter, although the original infected email was received 3 days ago, and at that time Norman did not have AV definitions for that virus yet. The other sample file we received, "Delivery_information.exe", was indeed infected, but is not currently being detected as malicious by Norman. We submitted the sample to them immediately so a new set of definitions should be available within 24 hours to detect it. As a side-note, some other AV vendors like Avast, Symantec and TrendMicro are also unable to detect that strain.
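The thread describes executables arriving inside zip attachments before AV definitions exist, and a wish to block attachments by extension. The following is an added example, not part of the original posts and not SpamFilter's own code or configuration: a signature-independent check that lists blocked extensions among attachments and zip members. The extension list, function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy list of directly executable Windows extensions.
BLOCKED_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}

def _ext(name):
    """Lower-cased final extension, ignoring trailing dots and spaces."""
    name = name.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def blocked_names(raw_message):
    """Return attachment names, including zip members, that violate the policy."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if _ext(name) in BLOCKED_EXT:
            hits.append(name)
        if not zipfile.is_zipfile(io.BytesIO(data)):  # judge by content, not name
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.flag_bits & 0x1:  # encrypted member cannot be inspected
                        hits.append(f"{name}!{info.filename} (encrypted)")
                    elif _ext(info.filename) in BLOCKED_EXT:
                        hits.append(f"{name}!{info.filename}")
        except zipfile.BadZipFile:
            hits.append(f"{name} (unreadable zip)")
    return hits

def build_sample(member_name):
    """Constructed message: zip attachment with one harmless placeholder member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"constructed placeholder, not a real binary")
    msg = EmailMessage()
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="sample.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(blocked_names(build_sample("document.pdf.exe")))
```

A check like this does not depend on when a vendor publishes a fingerprint, so it covers the window between a new strain appearing and definitions arriving.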