[swinog] New .exe virus in.zip file via mail

2015-04-16 Thread Mike Kellenberger
Hi all,

I've been contacted by a couple of customers who caught a new virus in the last few days, sent by e-mail in a .zip file containing an .exe. (Yes, there are still people out there who open this kind of attachment if it comes from a known address.) The .zip file passes our AV on the

Re: [swinog] New .exe virus in.zip file via mail

2015-04-16 Thread Matthias Cramer
Hi Mike,

We have seen the same. We use ClamAV and it does not detect it either (I reported it to them today). Microsoft Security Essentials detects it with the newest signatures of today.

Regards,
Matthias

On 16/04/15 16:54, Mike Kellenberger wrote:
> Hi all
>
> I've been contacted by a cou

Re: [swinog] New .exe virus in.zip file via mail

2015-04-16 Thread Steven Glogger
Hey Mike,

Hm... try to upload the exe to www.virustotal.com; maybe you get some more information about the name and so on.

Good luck,
-steven

> On 16.04.2015 at 16:54, Mike Kellenberger wrote:
>
> Hi all
>
> I've been contacted by a couple of customers who cau

Re: [swinog] New .exe virus in.zip file via mail

2015-04-16 Thread Mike Kellenberger
Thanks for the tip, Steven.

https://www.virustotal.com/en/file/6159e15c7a5401ba8e7708755b75ce5bb911cb1dbe15253c13a06b4c0f35e5e3/analysis/1429196664/

Kaspersky should detect it now - time to force a definition update...

Regards,
Mike

--
Mike Kellenberger | Escapenet GmbH
www.escapenet.ch
+41 5

Re: [swinog] New .exe virus in.zip file via mail

2015-04-16 Thread naz
Hello all,

Steven is right; at the moment only four AVs are recognizing it. I think that for this kind of stuff ClamAV is efficient, as you can add signatures within minutes.
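The two practical steps this thread touches on, adding a ClamAV hash signature for a sample "within minutes" and flagging mail attachments that are a .zip wrapping an .exe, are shown together below. This is an added example, not code from the list or from any of the posters, and it has no connection to the VirusTotal samples above: the "executable" inside the archive is a constructed byte string that only starts with the DOS/PE `MZ` magic, and the signature name `Win.Trojan.Upatre-SWINOG` is a made-up placeholder.

```python
import hashlib
import io
import zipfile

# Constructed stand-in for the attached .exe: the DOS "MZ" magic followed by
# filler. It is not a real program and not derived from any real sample.
SAMPLE_EXE = b"MZ" + b"\x90" * 62 + b"constructed stand-in, not real malware"

# File extensions Windows will execute (or hand to a script host) on double-click.
EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".jar"}


def clamav_hsb_line(data: bytes, malware_name: str) -> str:
    """Build one line of a ClamAV .hsb file: SHA256:FileSize:MalwareName.

    Drop the returned line into a file ending in .hsb in the ClamAV database
    directory and clamd/clamscan will load it. The hash is of the inner file
    (the .exe), because ClamAV scans inside archives; it is exact-match only,
    so every repacked variant needs its own line.
    """
    return f"{hashlib.sha256(data).hexdigest()}:{len(data)}:{malware_name}"


def suspicious_members(zip_bytes: bytes) -> list:
    """Return (member name, reason) for every archive entry that is executable
    by extension, or that carries the MZ magic under a non-executable name.

    Only the first two bytes of each member are read, so a large archive
    costs little. Double extensions such as "invoice.pdf.exe" are caught by
    looking at the last extension only.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            lower = name.lower()
            ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
            if ext in EXEC_EXTS:
                findings.append((name, f"executable extension {ext}"))
                continue
            with zf.open(info) as member:
                head = member.read(2)
            if head == b"MZ":
                findings.append((name, "MZ magic under non-executable extension"))
    return findings


def build_sample_zip() -> bytes:
    """Constructed attachment: an .exe with a double extension, a harmless text
    file, and the same MZ payload renamed to .pdf."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Invoice_2015-04-16.pdf.exe", SAMPLE_EXE)
        zf.writestr("readme.txt", b"please open the attached invoice")
        zf.writestr("scan.pdf", SAMPLE_EXE)
    return buf.getvalue()


if __name__ == "__main__":
    # Hypothetical signature name; use your own naming scheme.
    print(clamav_hsb_line(SAMPLE_EXE, "Win.Trojan.Upatre-SWINOG"))
    for member, reason in suspicious_members(build_sample_zip()):
        print(f"{member}: {reason}")
```

The hash signature is the fast, precise response for the sample you already have; the archive check is the variant-independent one, which matters because a downloader that is repacked every few hours (as later posts in this thread describe) defeats a hash line as soon as the next build ships.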

Re: [swinog] New .exe virus in.zip file via mail

2015-04-16 Thread Markus Wild
Ciao Mike,

> > I've been contacted by a couple of customers who caught a new virus in
> > the last few days, sent by e-mail in
> > a .zip file containing an .exe. (yes, there are still people out there who
> > open these kind of attachments if they
> > come from a known address)

Has anybody

Re: [swinog] New .exe virus in.zip file via mail

2015-04-16 Thread Serge Droz
Hi Mike,

Recently Geodo was doing this in Switzerland. Direct your customers to https://www.swiss-isa.ch/en/security-check/ and ask them to go through the check. There is a "second opinion" scanner in the test, which detects and cleans a lot of stuff AV does not yet see. Could you send me one of

Re: [swinog] New .exe virus in.zip file via mail

2015-04-16 Thread Rainer Duffner
> On 16.04.2015 at 16:54, Mike Kellenberger <mike.kellenber...@escapenet.ch> wrote:
>
> Hi all
>
> I've been contacted by a couple of customers who caught a new virus in the
> last few days, sent by e-mail in a .zip file containing an .exe. (yes, there
> are still people out there

Re: [swinog] New .exe virus in.zip file via mail

2015-04-16 Thread Slavo Greminger
Dear all,

This is Upatre downloading Dyre, a banking trojan. The Dyre here is part of a campaign "UK21" targeting several hundred banks worldwide. Upatre is a specialized downloader, bypassing all AV engines around for a couple of hours. It downloads Dyre and shows a decoy PDF to the user. Af

Re: [swinog] New .exe virus in.zip file via mail

2015-04-16 Thread Viktor Steinmann
On 17.04.2015 08:11, Slavo Greminger wrote:
> So, what can you do?

Blocking all non-allowed executables on Windows is a good start (whitelist approach). Well, maybe not for home users, but in an office environment this makes absolute sense. Google for AppLocker.

Kind regards,
Viktor

Re: [swinog] New .exe virus in.zip file via mail

2015-04-17 Thread Roger Buchwalder
Hi all,

Regarding AV: have a look at Palo Alto's "Trap" some time. Very nice idea..

Greetings,
rog

> On 16.04.2015 at 16:54, Mike Kellenberger wrote:
>
> Hi all
>
> I've been contacted by a couple of customers who caught a new virus in the
> last few days, sent by e-mail in a .zip file containi

Re: [swinog] New .exe virus in.zip file via mail

2015-04-24 Thread Benoit Panizzon
We see a lot of such viruses at the moment. ClamAV is desperately behind all other AVs at the moment...

Example: https://www.virustotal.com/de/file/bf84db71be81fa27d0d796d000347d47ef0dcd814062663d556726bf15e15678/analysis/1429864439/

Known since at least one week. ClamAV still does not recogniz

Re: [swinog] New .exe virus in.zip file via mail

2015-04-24 Thread Daniel Rechsteiner
Hi Benoit,

> We see a lot of such viruses at the moment. ClamAV is desperately behind all other AVs at the moment...

We see them too. It seems Upatre is morphing very quickly, so signature-based AV solutions will always be behind. Here Cloudmark recognizes new variants of Upatre in about one