On Tue, March 15, 2016 4:25 am, Al Varnell wrote: >> Scanning these ZIP/.js viruses has a hit rate of about 35%. 35% of all >> antivirus packages will say they are viruses. For example running one >> through https://www.virustotal.com will say out of about 53 antivirus >> programs, 16 flag it as a virus. >> >> They are definitely malware and should be stopped.
Hi Scott, Thanks for the link to the samples, these are being detected, using phish.ndb as Sanesecurity.Malware.25834.JsHeur. They would also be detected using foxhole_filename.cdb Latest download scripts here: http://sanesecurity.com/usage/linux-scripts/ In case anyone is wondering these .js files, if run, are going off to download Teslacrypt ransomware which would pretty much ruin your day :( Cheers, Steve Web : sanesecurity.com Blog: sanesecurity.blogspot.com Twitter: @sanesecurity _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
