I submitted an html file to avast like a week ago… But this file isn't detected yet…
It seems to be an exploit, or to have some kind of crypted JavaScript in it…
Checking in VirusTotal, every day new antiviruses start to detect it; however, avast is still missing it…
I click on general contact, choose report of undetected malware in the combo and then attach the file…
It usually doesn't take more than 36 hours for detection to be included… At least that is what happened in the last 5 or 6 times that I have submitted an undetected sample using this way…
Do you mean this spam malware: Attachments: changelog-212.htm
Good morning,
as promised changelog (Internet Explorer File)
The victim is enticed to click on the attachment which leads to a malicious payload on [donotclick]efaxinok.ru:8080/forum/
Above threat mentioned on cbnetsecurity dot com as “Changelog 10.20 “spam””…
Since most are saying it is a javascript redirector, it is unusual that avast isn’t detecting it as avast is very hot on this type of thing.
Often it is only avast that actually detects stuff like this, so I have to wonder exactly what it is in this html page that others find suspect. I say suspect as some of the detections are generic and others are saying iframe malware and again that area is normally an avast web shield hot area.
I also see that a goodly number of the major AVs don’t detect anything either, even though there are a reasonable number of detections, I still have my doubts. Unfortunately not being able to analyse it or the URL using other tools there is no real way to investigate further.
I tried to submit a file to avast with email ‘‘virus @ avast.com’’ but a warning popped up, so I submitted with ‘‘virus@avast.com’’
1) Which email address is correct?
2) Can anyone tell me what is the importance of submitting only a password protected ZIP file?
1- The correct one is the second option that you submitted
2- Password protect allows the file to be submitted without being interrupted by any antiviruses present on servers between your email box and avast email box. If you don't password protect, an antivirus in the server can block the file. The zip prevents the file from being checked.
@Pondus
I submitted the file for you as you requested in the private message.
Essentially the first is an anti-harvesting hack (not a particularly great one) as bots trawl websites harvesting email addresses to use for spamming.
Email addresses don’t have spaces in them, so removing the spaces would give you the second email you posted.
Emails go through email servers and many will have anti-virus scanners to scan said email, so when sending samples the password protected archive prevents the scanner extracting the contents of the password protected zip file so they can be scanned.
Yesterday I received a new malware sample that was not detected by avast. It was a .com file. So, before I slept, I submitted the file using the contact form and went to bed. When I woke up, like an hour ago, I tested the new file again and it is being detected as win32:malware-gen. It is what I have been having from avast for the last +/- 10 submissions. It always has been added between 12 hrs to 24 hrs after the submission.
Maybe the html file is not being considered as malware by the avast analysts…