My network has been getting a lot of emails entitled “You’ve received a postcard from a family member”, or something along those lines. They generally include a link to a web site, and so I tried the most recent email’s link in a text-only browser running under UNIX (safer that way). It took me to a web page that included a single link, to a file called card.exe.
I tried scanning this “card.exe” with Avast and it did not report any problems. Then I uploaded it to VirusTotal and Jotti, both of which found problems – but in both cases only a minority of the scanners found problems.
This is clearly malicious software, but I don’t want to run on it on my PC to see what it does – I don’t have an appropriate environment for testing that sort of thing. I’m a little worried that Avast isn’t detecting it, because we’ve been getting a lot of these, and eventually one of my users is going to get one and may actually download and run the exe.
Is there any way I can submit this file to Avast for analysis?
Sure. Can you send the samples to virus@avast.com ?
You can zip and password the files… Inform a link to this thread and the password used.
You can send the files to Chest and, from there, resend to Alwil for analysis.
Thanks.
I got another one today and sent it to virus@avast.com. I’ll check tomorrow to see if it’s detected yet, and if not, I’ll open a support request (I’m a corporate customer).
I got the same problem two days ago
I’m on Windows XP
Avast was on “Normal” and not on “Avancée” (I’m a Frenchman)
Avast was recognizing a probably virus but didn’t try to delete it.
I tried by free versions of Macaffee and Bit Defender : they didn’t find
I’ve loaded free Norton by Google Tools : it found “Trojan.Peacomm.B” and deleted it. Victory !
It’s the first time Avast doesn’t satisfy me. I’ve been using it for 3 years without any problem …
New e-card variants seem to be emerging every few hours, with quite limited detection by most AV’s.
Complete scanning result of “ecard_2_.exe”, received in VirusTotal at 07.04.2007, 18:41:44 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.7.5.0 07.04.2007 no virus found
AntiVir 7.4.0.37 07.04.2007 TR/Small.DBY.DB
Authentium 4.93.8 07.03.2007 no virus found
Avast 4.7.997.0 07.04.2007 no virus found
AVG 7.5.0.476 07.04.2007 no virus found
BitDefender 7.2 07.04.2007 no virus found
CAT-QuickHeal 9.00 07.04.2007 (Suspicious) - DNAScan
ClamAV devel-20070416 07.04.2007 no virus found
DrWeb 4.33 07.04.2007 no virus found
eSafe 7.0.15.0 07.04.2007 Suspicious Trojan/Worm
eTrust-Vet 30.8.3762 07.04.2007 no virus found
Ewido 4.0 07.04.2007 no virus found
FileAdvisor 1 07.04.2007 no virus found
Fortinet 2.91.0.0 07.03.2007 no virus found
F-Prot 4.3.2.48 07.03.2007 no virus found
F-Secure 6.70.13030.0 07.04.2007 no virus found
Ikarus T3.1.1.8 07.04.2007 no virus found
Kaspersky 4.0.2.24 07.04.2007 no virus found
McAfee 5066 07.03.2007 W32/Nuwar@MM
Microsoft 1.2701 07.04.2007 no virus found
NOD32v2 2378 07.04.2007 a variant of Win32/Fuclip
Norman 5.80.02 07.04.2007 no virus found
Panda 9.0.0.4 07.04.2007 no virus found
Sophos 4.19.0 06.24.2007 no virus found
Sunbelt 2.2.907.0 07.04.2007 no virus found
Symantec 10 07.04.2007 Trojan.Packed.13
TheHacker 6.1.6.142 07.04.2007 no virus found
VBA32 3.12.0.2 07.03.2007 no virus found
VirusBuster 4.3.23:9 07.04.2007 no virus found
Webwasher-Gateway 6.0.1 07.04.2007 Trojan.Small.DBY.DB
I’ve received an IM from another user of avast from my country.
He says he sent 147 variants of trojans and worms (including e-cards) to Alwil for analysis.
World is becoming dangerous to live… and avast isn’t in the front end of security right now… it’s a pity.