Script virus not being caught

Hi,

Came across a JavaScript virus that’s not being caught by the latest version of Avast Home.

Coming from acxscketn.com/cgi-bin/index.cgi and gsagcketn.com/cgi-bin/index.cgi

Attached txt file

Please send any suspect index.cgi file directly to virus (at) avast dot com and don’t post live malware on the forums. Please remove your attachment. The last thing we want is a forum page being flagged as having a virus, nor do we want it to be used for the distribution of malware.

Send the sample to virus@avast.com, zipped and password protected, with the password in the email body. A link to this topic might help, and put "undetected malware" in the subject.

Though only 4 scanners in VirusTotal feel it is malware, http://www.virustotal.com/analisis/d2882e97653f5145cd09b04c9b853a9a

OK well I was looking all over the avast home page for a way to report a virus. I would think this would be featured prominently on the page.

The only thing I came across was http://avast.com/eng/virus-incident-report.php which did not have a way to upload the virus, nor did it have a way of reporting that the virus was NOT caught by avast!

Thanks for the info about VirusTotal

Ummmmmmm… Yahoo Mail won’t let me send the encrypted zip file. It says (drum roll please)… virus threat detected, even with the highest level of encryption.

If only Avast would do that too, I wouldn’t have to be reporting it!

I don’t think it is Yahoo not allowing you to send encrypted emails, more like avast can’t send email via webmail.

It has to be sent via a conventional SMTP account. Does your Yahoo account have POP3/SMTP functionality, or do you view/send your email via your browser?

I think Yahoo! uses Symantec - BTYahoo! certainly does - and they don’t detect the file:

Antivirus          Version          Last Update  Result
AhnLab-V3          2008.10.17.0     2008.10.16   -
AntiVir            7.9.0.4          2008.10.16   -
Authentium         5.1.0.4          2008.10.16   -
Avast              4.8.1248.0       2008.10.15   -
AVG                8.0.0.161        2008.10.16   -
BitDefender        7.2              2008.10.16   Trojan.JS.PWW
CAT-QuickHeal      9.50             2008.10.16   -
ClamAV             0.93.1           2008.10.16   -
DrWeb              4.44.0.09170     2008.10.16   -
eSafe              7.0.17.0         2008.10.16   -
eTrust-Vet         31.6.6150        2008.10.16   -
Ewido              4.0              2008.10.16   -
F-Prot             4.4.4.56         2008.10.16   -
F-Secure           8.0.14332.0      2008.10.16   -
Fortinet           3.113.0.0        2008.10.16   -
GData              19               2008.10.16   Trojan.JS.PWW
Ikarus             T3.1.1.44.0      2008.10.16   -
K7AntiVirus        7.10.497         2008.10.16   -
Kaspersky          7.0.0.125        2008.10.16   -
McAfee             5406             2008.10.16   -
Microsoft          1.4005           2008.10.16   -
NOD32              3528             2008.10.16   JS/Redirector.NAB
Norman             5.80.02          2008.10.16   -
Panda              9.0.0.4          2008.10.16   -
PCTools            4.4.2.0          2008.10.16   -
Prevx1             V2               2008.10.16   -
Rising             20.66.32.00      2008.10.16   -
SecureWeb-Gateway  6.7.6            2008.10.16   -
Sophos             4.34.0           2008.10.16   -
Sunbelt            3.1.1728.1       2008.10.16   -
Symantec           10               2008.10.16   -
TheHacker          6.3.1.0.114      2008.10.15   -
TrendMicro         8.700.0.1004     2008.10.16   -
VBA32              3.12.8.7         2008.10.16   -
ViRobot            2008.10.16.1423  2008.10.16   -
VirusBuster        4.5.11.0         2008.10.16

More likely the mail service just won’t send any sort of encrypted Zip. I’ve run into this problem recently trying to send samples: I couldn’t do it with either Hotmail or Googlemail.

I agree avast! needs a better upload solution, like the exemplary Avira or Clam submission pages.

http://analysis.avira.com/samples/index.php
http://cgi.clamav.net/sendvirus.cgi

Someone tells me that Norton Antivirus does detect it.

Well, not at VirusTotal they don’t.