Another dodgy attachment received in Yahoo mail

Hi, I have Windows Defender running with Avast (sans behavior shield).

Downloaded an attachment from Yahoo mail today. Yahoo’s own AV scan didn’t detect it
(what do they use - Norton?).
Avast didn’t detect it, but Windows Defender caught it during the download.

http://www.virustotal.com/file-scan/report.html?id=aa3602bafcf9f73e92c33a559ce560ec8add36a0453654b36e3bb0987bde6536-1304794336

Who was it who said WD was useless? On the contrary, it seems.

Thanks for the info.

I would say expect at least one supportive comment, and maybe the odd dismissive ‘it’s got to get lucky sometime’ from some others :slight_smile:

Those FedEx ones…oh your delivery info is wrong, download a zip and fill in the info using the exe inside…
Yeah right…

Good catch.

Did you forward it to avast? :wink:

The only thing it ever catches on my machine is EICAR ;D

Yahoo's own AV scan didn't detect it, (what do they use - Norton) ?
Yes... and this seems to be very new.
First seen: 2011-05-07 18:52:16
Last seen: 2011-05-07 18:52:16
AV vendors are usually quickly updated on this mail malware, as it spreads quickly, so they all get samples quickly. If you scan this again in 48 hours, I guess you will have a 90% VT score.

Would you like me to forward the sample?

I have to ask, how is MS beating many AV companies at early detection?
What mechanisms do they have in place? Is it their SpyNet ?

Could be… maybe someone like you sent them a sample…or one of those working at MS got it in the mail…
Everyone knows that when you receive a mail from FedEx/UPS/DHL etc., they are suspicious and you need to test it at VT before you open it…especially if you don’t expect to receive anything.

MS is also an av company. WD reporting back to MS is default, and I believe that with MSE it is mandatory - so I guess that must help.

Sample sent to Pondus at the email address he provided me.

The point I was trying to make was that MS seems to be beating dedicated security companies
at early detection.

Whatever mechanism they’re using, it seems to work.

Dave

  1. Does anyone get a result with this link…?? If so, please post it, as I get: queued
  2. I’m one of them. :wink:

You’re right - I’m the one who submitted it. I merely copied the URL when the report was shown to me.
Is there something else I should be doing to get a permanent report?

File name: FedEx.zip
Submission date: 2011-05-07 18:52:16 (UTC)
Current status: finished
Result: 11/40 (27.5%)

avast isn’t one of them…

Bear in mind that MS also has hotmail…these are a dime a dozen there…they know what to look for :wink:

Here’s a screen print for anybody who cannot see VT properly.

Thanks for posting the screenshot, but avast’s results are not included…

Sample sent to avast/MBAM/SAS :wink:

And if scanned unzipped, a 13/42 score:
http://www.virustotal.com/file-scan/report.html?id=fc05bf35c198b0c582d2e8a1e43b77f3438d7470c829353aa36e89b53f40f905-1304798763

FedEx, good old Bredolab.

Yes, I couldn’t fit it all on my screen at once. The invisible results above the line were all undetected.

The fake FedEx attachment now has a 22/42 VT score and avast! detects it:
http://www.virustotal.com/file-scan/report.html?id=fc05bf35c198b0c582d2e8a1e43b77f3438d7470c829353aa36e89b53f40f905-1304860461

Malwarebytes now detects it as Email.Worm

Thanks, Pondus - good to know. :slight_smile:

Hello - there seems to be a new variation; Avast is not picking it up
(I received this bogus attachment in an email today).

http://www.virustotal.com/file-scan/report.html?id=fce35acb2876ec3cb5bf9253b405c570944050e0dc05bd353ea14dc5eb7c9da3-1305908428