Hello Avast Team, why isn't this file being detected yet?

Hello guys!

I submitted an html file to avast like a week ago… But this file isn't detected yet…
It seems to be an exploit, or to have some kind of crypted Javascript in it…

Checking in Virus Total, every day new antiviruses start to detect it, however avast is still missing it…

Link to virus total
https://www.virustotal.com/file/c987fb4dd5ac13de3eef9f8f2884cd813e0a3a04b3b4a0364be58052a9284583/analysis/1353950814/

Is it real malware? Or just a suspicious file, so that's the reason you guys keep ignoring it?

Thanks for your time!

Tonanet

Did you send it by mail to the avast lab?

Hello Pondus! Thanks for your Reply!

Yeap,

I sent 2 times in the last 7 days.

Thanks for your time,

Elminster

And was it a password protected zip file?

Actually I submitted from this page:

http://www.avast.com/contacts

I click on general contact, choose report of undetected malware in the combo and then attach the file…

It usually doesn't take more than 36 hours for detection to be included… At least that is what happened the last 5 or 6 times that I have submitted an undetected sample this way…

Thanks for your time,

Tonanet

Hi elminster,

Do you mean this spam malware: Attachments: changelog-212.htm

Good morning,

as promised changelog (Internet Explorer File)
The victim is enticed to click on the attachment which leads to a malicious payload on [donotclick]efaxinok.ru:8080/forum/
Above threat mentioned on cbnetsecurity dot com as “Changelog 10.20 “spam””…

polonus

Hello Polonus!

Yes! This is the file that I am submitting to avast… I received it attached to an email last week…

Thanks for your time,

Tonanet

You may try sending it in a password protected zip file to virus @ avast.com
zip password: infected
mail subject: undetected sample

@Elminster,

Thanks for the heads-up on this. Hope it will soon be added to avast detection, but as I know they are soon to react and add.

@Pondus,

Good we have nailed down this spam-bat then, as the old Vikings did to the stable door ;D

pol

Hello!

Thank you both for the attention.

I have submitted this sample by email. Hope that it gets detected soon too. :slight_smile:

Anyway, I will be keeping you guys informed about the detection of this file in this post.

Thanks for the attention!

Tonanet

Since most are saying it is a javascript redirector, it is unusual that avast isn’t detecting it as avast is very hot on this type of thing.

Often it is only avast that actually detects stuff like this, so I have to wonder exactly what it is in this html page that others find suspect. I say suspect as some of the detections are generic and others are saying iframe malware and again that area is normally an avast web shield hot area.

I also see that a goodly number of the major AVs don’t detect anything either, even though there are a reasonable number of detections, I still have my doubts. Unfortunately not being able to analyse it or the URL using other tools there is no real way to investigate further.

Hello DavidR

If you wish I can submit the file to you…

Thanks for your time,

Tonanet

I tried to submit a file to avast with the email "virus @ avast.com" but a warning popped up, so I submitted with "virus@avast.com"
1) Which email address is correct?
2) Can anyone tell me what is the importance of submitting only a password protected ZIP file?

@visim4a1

1- The correct one is the second option that you submitted
2- Password protection allows the file to be submitted without being interrupted by any antiviruses present on servers between your email box and the avast email box. If you don't password protect, an antivirus on the server can block the file. The zip prevents the file from being checked.

@Pondus

I submitted the file for you as you requested in the private message.

Thanks all!

Tonanet

  1. Essentially the first is an anti-harvesting hack (not a particularly great one) as bots trawl websites harvesting email addresses to use for spamming.

  2. Email addresses don’t have spaces in them, so removing the spaces would give you the second email you posted.

  3. Emails go through email servers and many will have anti-virus scanners to scan said email, so when sending samples the password protected archive prevents the scanner extracting the contents of the password protected zip file so they can be scanned.
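A pre-send check for the password-protected archive described in the replies above, as an added example that is not part of the original thread: it confirms that every file in the zip is flagged as encrypted and lists the entry names, which standard ZIP encryption leaves readable to a scanner. The function names and the sample file are constructed for illustration, and `mark_encrypted` only sets the header flag to build test input.

```python
import io
import zipfile

ENCRYPTED_FLAG = 0x1  # general-purpose bit 0: entry data is encrypted


def submission_report(zip_bytes):
    """Return (ready, entries) for a sample archive about to be mailed.

    entries is a list of (name, encrypted) pairs read from the central
    directory. ready is True only when the archive holds at least one
    file and every file entry carries the encryption flag.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        entries = [
            (info.filename, bool(info.flag_bits & ENCRYPTED_FLAG))
            for info in zf.infolist()
            if not info.is_dir()
        ]
    ready = bool(entries) and all(enc for _, enc in entries)
    return ready, entries


def build_plain_zip(name, data):
    """Constructed input: an ordinary, unencrypted single-file zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, data)
    return buf.getvalue()


def mark_encrypted(zip_bytes):
    """Constructed input: set the encryption flag in both headers.

    The data is NOT actually encrypted; this only imitates what a
    password-protected archive looks like to a header-level check.
    """
    raw = bytearray(zip_bytes)
    raw[raw.find(b"PK\x03\x04") + 6] |= ENCRYPTED_FLAG  # local file header
    raw[raw.find(b"PK\x01\x02") + 8] |= ENCRYPTED_FLAG  # central directory
    return bytes(raw)


if __name__ == "__main__":
    plain = build_plain_zip("sample.htm", b"constructed placeholder")
    for label, blob in (("plain", plain), ("flagged", mark_encrypted(plain))):
        print(label, submission_report(blob))
```
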

@Tonanet @DavidR
Thank you it was very helpful :slight_smile:

You are Welcome! :slight_smile:

Or you can write it a bit more cryptic… the way David likes it

virus at avast dot com :wink:

Norman lab added detection for the file after analysis

Changelog-212.htm: Blackhole.GAA

so seems avast should detect this

Hello,

Yesterday I received a new malware sample that was not detected by avast. It was a .com file. So, before I went to sleep, I submitted the file using the contact form and went to bed. When I woke up, like an hour ago, I tested the new file again and it is being detected as win32:malware-gen. That is what I have been getting from avast for the last +/- 10 submissions. It has always been added between 12 hrs and 24 hrs after the submission.

Maybe the html file is not being considered as malware by the avast analysts…

Thanks for your time!