Hello all,

Steven is right, at the moment only four avs are recognizing it.

I think that for this kind of stuff a clamav is efficient as you can add signatures within minutes

Best regards,
Naz

C'est chose royale d'être payé des bienfaits en calomnies [Marc Aurele]
De: Steven Glogger
Envoyé: jeudi, 16 avril 2015 17:03
À: Mike Kellenberger
Cc: swinog@swinog.ch
Objet: Re: [swinog] New .exe virus in.zip file via mail

hey mike,

hm… try to upload the exe to www.virustotal.com
maybe you get some more information about the name and so on …
good luck,

-steven

Am 16.04.2015 um 16:54 schrieb Mike Kellenberger <mike.kellenberger@escapenet.ch>:

Hi all

I've been contacted by a couple of customers which caught a new virus in the last few days, sent by e-mail in a .zip file containing an .exe. (yes, there are still people out there who open these kind of attachments if they come from a known address)

The .zip file passes our AV on the mailserver (Kaspersky) as well as our desktop AV (Symantec) with the newest definitions.

Once infected, it spreads via e-mail (probably through the outlook e-mail profile, it authenticates nicely against our mailserver anyway) blasting out hundreds of mails in a single short session only to sleep again until the next day...

Has anybody else seen this? Is there a name or details or cure fo it yet?

Regards,

Mike

--
Mike Kellenberger | Escapenet GmbH
www.escapenet.ch
+41 52 235 0700/04
Skype mikek70atwork


_______________________________________________
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog