Some sort of fake parcel e-mails…None were detected by avast! :o :-[ :-\
Sent to virus lab!
Is this webmail, viewed through your browser?
Is it downloaded to an email program?
If so, which email program? It may not be being scanned at all, as some Microsoft email programs download it using a proprietary protocol, which can’t be monitored by avast.
More important is why it isn’t detected by hotmail itself, as surely that must be scanned at source?
As the three links above come in through hotmail, yes, this is webmail, something avast! does not scan.
I think true indian’s point is that avast! does not detect these three variants. So, if hotmail does not detect it through their malware scanner, then avast! won’t either, when it is executed (usually by opening an attachment in the webmail link). That would be a problem.
UPS, DHL, FedEx, etc., I toss as soon as I see them, especially if I am not expecting a shipment. No problems there. It is most likely bogus if you are not expecting a shipment to come in.
"So, if hotmail does not detect it through their malware scanner, ..."
All 3 are detected by Trend Micro...used by msn mail / hotmail / live mail
Yes…it is downloaded to an email program…but I wasn’t using the computer at that time; it was my sister using it, and she downloaded the attachments and avast didn’t get it…
Luckily I had Comodo Defense+ and when she ran it D+ got it…I guess that avast just missed it…Hence, my whole point is avast shouldn’t be leaving these pieces of malware when at VT well-known scanners are getting them…I am shocked! :o
All 3 samples are now detected by avast as win32 malware gen, but I am still shocked by the fact avast didn’t know them when they were downloaded
Then you will have lots of shock in the years to come...as no security program has 100% detection...and these were brand new when you scanned at VT
First seen by VirusTotal
2012-05-16 14:06:09 UTC ( 16 timer, 20 minutter ago )
But if they were brand new…then why did most of the scanners at VT get them… ???
I expect that if most of them get it then avast should also be getting them…at least avast should get the well-detected samples, if not the rare ones
Actually, this happened on her Desktop…I trust avast for 99% of the protection on all 3 PCs in my house…and this is the first time something bypassed avast! and was caught by D+ :-[
You better make sure you’re clean. You don’t want a Zeus class trojan sitting in your PC.
Do you run MBAM pro? It should have caught these.
Per Symantec:
Trojan.Zbot, also called Zeus, is a Trojan horse that attempts to steal confidential information from the compromised computer. It may also download configuration files and updates from the Internet. The Trojan is created using a Trojan-building toolkit.
Infection
The Trojan.Zbot files that are used to compromise computers are generated using a toolkit that is available in marketplaces for online criminals. The toolkit allows an attacker a high degree of control over the functionality of the final executable that is distributed to targeted computers.
The Trojan itself is primarily distributed through spam campaigns and drive-by downloads, though given its versatility, other vectors may also be utilized. The user may receive an email message purporting to be from organizations such as the FDIC, IRS, MySpace, Facebook, or Microsoft. The message body warns the user of a problem with their financial information, online account, or software and suggests they visit a link provided in the email. The computer is compromised if the user visits the link, if it is not protected.
Functionality
This Trojan has primarily been designed to steal confidential information from the computers it compromises. It specifically targets system information, online credentials, and banking details, but can be customized through the toolkit to gather any sort of information. This is done by tailoring configuration files that are compiled into the Trojan installer by the attacker. These can later be updated to target other information, if the attacker so wishes.
Confidential information is gathered through multiple methods. Upon execution the Trojan automatically gathers any Internet Explorer, FTP, or POP3 passwords that are contained within Protected Storage (PStore). However, its most effective method for gathering information is by monitoring Web sites included in the configuration file, sometimes intercepting the legitimate Web pages and inserting extra fields (e.g. adding a date of birth field to a banking Web page that originally only requested a user name and password).
Additionally, Trojan.Zbot contacts a command-and-control (C&C) server and makes itself available to perform additional functions. This allows a remote attacker to command the Trojan to download and execute further files, shutdown or reboot the computer, or even delete system files, rendering the computer unusable without reinstalling the operating system.
Zeus and “Kneber”
On February 18, 2010 news reports appeared about a new botnet called Kneber. The reports claimed there were as many as 75,000 machines compromised by this newly discovered threat. In actuality, Kneber turned out to be a group of computers infected with Trojan.Zbot, controlled by one owner.
On February 23, 2010, one of our DeepSight honeypots was compromised by this latest version of Trojan.Zbot. In this particular case, Trojan.Zbot also downloaded copies of W32.Waledac. DeepSight™ Threat Management System subscribers can read the full report.
Thanks for the info DonZ63…I have run a Malwarebytes quick scan and Norton Power Eraser and I came up clean ;D