My virus definition is up to date. I received an email with this subject
“Notify about using the e-mail account”
and this body (see below).
The email has an attachment with a zip file and inside the zip is an exe file. Of course I deleted it. But first I saved the zip file and scanned it manually. I am concerned that AVAST does not catch anything in it. It is clearly a virus. A little searching makes me think it is “W32.Beagle.J@mm” … see this link…
I had the same thing, here’s what I got from Karel from Alwil:
The mail was originated by one of the last versions of the Beagle
worm, the F version or later (Beagle-J in this case). Those versions are
able to send password protected (=encrypted) zip files. The password for
virus decryption is in the mail text. Of course, no virus detection is
possible in the encrypted files.
After decryption (= un-zipping with the proper password supplied) the
virus is in the executable form and Avast can detect it and prevent
infection of the computer, but Avast cannot spot the virus in the mail
(because of encryption).
Wow, that's what I call a quick response. That makes sense actually. I tried to extract the file from WinZip to see, but the password in the email does not work! LOL I will assume that avast would have caught it then.
Maybe with CRC validation? Or by some pattern which is known only for this virus inside the ZIP archive. Someone notified me today that avast! caught a virus inside an encrypted ZIP archive…
The file inside the archive is different each time - it has random data appended. So, it’s not possible to detect it either by CRC, or even by size.
avast! will include the detection of those password-protected ZIPs; it may cause some false alarms, however.
Yes, claim ;D
According to what I have seen, Kaspersky simply detects password-protected ZIPs containing executable files (well, it’s a little more specific than that, but not much). If you create your own password-protected ZIP that matches the criteria, it will be detected as well. No content scanning occurs (yet).
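A metadata-only check of the kind described in the last post, as an added example that is not part of the original thread and is not avast!'s or Kaspersky's actual detection logic. Traditional ZIP encryption protects only the file data, so entry names and the per-entry "encrypted" flag stay readable without the password; the extension list, function names and sample archives below are assumptions made for the illustration.

```python
import io
import struct
import zipfile

# Extensions treated as executable; this list is an assumption for the example.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
ENCRYPTED_FLAG = 0x0001  # general-purpose bit 0: entry data is encrypted


def suspicious_entries(zip_bytes):
    """Return names of entries that are both encrypted and executable.

    Only the central directory is read; no entry is decrypted or extracted,
    so this works without the password.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            encrypted = bool(info.flag_bits & ENCRYPTED_FLAG)
            if encrypted and info.filename.lower().endswith(EXECUTABLE_EXTS):
                hits.append(info.filename)
    return hits


def build_sample(name, mark_encrypted):
    """Build a constructed test archive in memory.

    The standard library cannot write encrypted ZIPs, so the sample only sets
    the encryption flag in the local and central headers. The payload is
    harmless text; the heuristic never looks at it.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, b"constructed placeholder data")
    data = bytearray(buf.getvalue())
    if mark_encrypted:
        # Flag field offset: 6 in the local header, 8 in the central header.
        for sig, flag_off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = data.find(sig) + flag_off
            flags, = struct.unpack_from("<H", data, pos)
            struct.pack_into("<H", data, pos, flags | ENCRYPTED_FLAG)
    return bytes(data)


if __name__ == "__main__":
    for name, enc in (("document.exe", True), ("document.exe", False), ("notes.txt", True)):
        print(name, enc, suspicious_entries(build_sample(name, enc)))
```

Because the rule never inspects content, any password-protected ZIP holding an executable matches it, which is the false-alarm trade-off mentioned above.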