This is the third time I’m reporting phishing as a false negative.
Dear customer.
Following the cancellation of order No. 3262352652-18-08-2014 (Notebook Asus P-2542).
We inform you that we are refunding the full amount (R$ 1499,99) via deposit into your bank account.
You can view the deposit receipt, for simple verification, in the attachment or at the following link:
http://ww w.americas.com/comprovantes/pedidos/3262352652-18-08-2014
We thank you for your preference, and we hope to be able to serve you on a future purchase.
Sincerely
Americanas.com
I wouldn’t be surprised. Even the big gun Kaspersky doesn’t detect it.
Guys, just to remember, we have superb on-execution technologies like evo-gen and filerep which can catch threats on execution, so better check it on execution. In my experience, filerep catches up with these things pretty quickly, especially if it’s a reported threat.
I guess avast should make an online scanner that has the on-exec detection tactics that are actually used in the products.
Also to add, I think things will be better off when avast 2015 is released and deepscreen makes a comeback.
Tech, any update on what avast is doing on Brazil malware? Have you heard any complaints about normal users over there still getting infected with avast? Is the situation still the same since v5?
Well folks, the alleged detection is Delphi, and we know how it is with Delphi detections and especially the BobSoft MiniDelphi heuristic detection: false positive prone.
I agree avast! has a hard time as a monopoly vendor in the Brazilian malware theater, where all malcreants test their malcode against avast! first and foremost, but here I lean towards avast! and think avast! team will beat their Chinese av adversaries on packer detection with “two fingers in their nose”, so that is that easily, no doubt about that ;D
Scr files are still a plague in Brazil.
I receive at least 3 or 4 each week by email and Avast doesn’t proactively detect 90% of them…
Only after that I submit the sample to them…
However, when the hardened mode is on (moderate), the story changes… Almost all samples are blocked due to being new files…
Tonanet, have you tried executing the files? We have some pretty good on-execution detection technologies that can help. VT results don’t tell the full story.
Well, I have had at least 2 of these types of samples getting past Kaspersky and Bitdefender.
But we must understand that VT is just a signature scanner. Full products have more techniques and capabilities to catch malware missed by the local database.
I have some samples that were identical to Lisandro’s and VT avast was not detecting them.
I executed both and one got blocked by filerep and the other by evo-gen. However, these 2 and a few more are the only banker trojans I tested among my collection that got past real-time protection. All should be in their virus lab now.
To note, filerep is very quick to pick up newly reported threats. So in an hour or less or so I get on-execution filerep detection for a lot of samples these days.