avast! is missing one phishing email after another

This is the third time I’m reporting phishing as a false negative.

Dear customer.
Due to the cancellation of order No. 3262352652-18-08-2014 (Notebook Asus P-2542).
We inform you that we are refunding the full amount (R$ 1499,99) via deposit into your bank account.
You can view the deposit receipt, for simple verification, in the attachment or at the following link:
http://ww w.americas.com/comprovantes/pedidos/3262352652-18-08-2014
We thank you for your preference, and we hope to be able to serve you on a future purchase.
Sincerely
Americanas.com

Infected link: hxxps://docs.google.com/uc?id=0B01qnvoSVyNgLW9rWHhjajJpcmc
avast! does not detect the vector either! https://www.virustotal.com/en/file/5cc34c9a4b68a18f755a819c3bcaf50532b70ce69e7beda14cd4a197b73d5088/analysis/1409674937/
Look, all Chinese antivirus detect it.

That's not good.

I'm thinking about heading to Kaspersky when my Premier license runs out.

I wouldn’t be surprised. Even the big gun Kaspersky doesn't detect it.

Guys, just to remember, we have superb on-execution technologies like evo-gen and filerep which can catch threats on execution, so better check it on execution. In my experience, filerep catches up with these things pretty quickly, especially if it's a reported threat.

I guess avast should make an online scanner that has the on-exec detection tactics that are actually used in the products.

+1

Also, to add, I think things will be better off when avast 2015 is released and deepscreen makes a comeback.

Tech, any update on how avast is doing on Brazil malware? Have you heard any complaints of normal users over there still getting infected with avast? Is the situation still the same since v5?

Well folks, the alleged detection is Delphi, and we know how it is with Delphi detections and especially BobSoft MiniDelphi heuristic detection: false positive prone.

100% maybe virus - http://f.virscan.org/Comprovante_Deposito.scr.html
http://home.mcafee.com/virusinfo/virusprofile.aspx?key=549967
Was it based on this report? Re: http://tools.cisco.com/security/center/viewThreatOutbreakAlert.x?alertId=28724

For the record, haven’t we been there before with BobSoft MiniDelphi? Re: https://forum.avast.com/index.php?topic=121579.0

I agree avast! has a hard time as a monopoly vendor in the Brazilian malware theater, where all malcreants test their malcode against avast! first and foremost, but here I lean towards avast! and think avast! team will beat their Chinese av adversaries on packer detection with “two fingers in their nose”, so that is that easily, no doubt about that ;D

polonus

Scr files are still a plague in Brazil.
I receive at least 3 or 4 each week by email and Avast doesn't proactively detect 90% of them…
Only after that I submit the sample to them…

However, when the hardened mode is on (moderate), the story changes… Almost all samples are blocked due to being new files…

I don’t think so, at least not on banking malware. Of course, we’re always improving but I don’t think it’s a comfortable situation for the user.

Thanks for the new detection!

Tonanet, have you tried executing the files? We have some pretty good on-execution detection technologies that can help. VT results don't say the full story :)

By the way, these things seem quite tough as a catch for AVs. Yesterday we had 6/55 on VT with no Kaspersky/Bitdefender in it and now it's just 10/55. Still a lot of big guns are missing the sample:
https://www.virustotal.com/en/file/5cc34c9a4b68a18f755a819c3bcaf50532b70ce69e7beda14cd4a197b73d5088/analysis/

Well, it’s a quick reaction from avast :) So as tech said, we keep improving!

Here are 2 more:
https://www.virustotal.com/en/file/283b712f27430a188570bf5c302819f0e5a7306424485fa64577009d9d496a35/analysis/1409933062/

https://www.virustotal.com/en/file/7a3445b6b8a6aab239f5e7ef6b59cd15346178c398e573d418748d636e338c65/analysis/1409933450/

Reported to virus AT avast DOT com

Duplicate sample.

Most of the detections there are plain from Bitdefender :)

But you see there are a lot of other big AV players missing them :-\

Bitdefender is also really vulnerable

Over 1400 breaches found in a test by a professional

Well, I have had at least 2 of these types of samples getting past Kaspersky and Bitdefender.

But we must understand that VT is just a signature scanner. Full products have more techniques and capabilities to catch malware missed by the local database.

Trend Micro is a good example for this.

Bad On-Access detection but blocked when opening.

I have some samples that were identical to Lisandro’s and VT avast was not detecting them.

I executed both and one got blocked by filerep and the other by evo-gen. However, these 2 and a few more are the only banker trojans I tested among my collection that got past real-time protection. All should be in their virus lab now :)

To note, filerep is very quick to pick up newly reported threats. So in an hour or less or so I get on-execution filerep detection for a lot of samples these days.

Avast guys seem to have worked on the Cloud Backend also.

Hasn’t been astonishing for me. Have been seeing some backend detections on clients’ machines as well. A lot of new ones coming up since the past few months. :)