> On 16.04.2015 at 16:54, Mike Kellenberger 
> <mike.kellenber...@escapenet.ch> wrote:
> 
> Hi all
> 
> I've been contacted by a couple of customers who caught a new virus in the 
> last few days, sent by e-mail in a .zip file containing an .exe. (yes, there 
> are still people out there who open this kind of attachment if it comes 
> from a known address)
> 
> The .zip file passes our AV on the mailserver (Kaspersky) as well as our 
> desktop AV (Symantec) with the newest definitions.
> 
> Once infected, it spreads via e-mail (probably through the Outlook e-mail 
> profile, it authenticates nicely against our mailserver anyway) blasting out 
> hundreds of mails in a single short session only to sleep again until the 
> next day...
> 
> Has anybody else seen this? Is there a name or details or cure for it yet?


VirusTotal will tell you a name, which you can google.

Antivirus is a bit of a placebo and snake oil - but surprisingly, a lot of 
people still believe in its value for them while the only value it really has 
is for those who sell signature-updates...

I’m pretty sure you can also block exe’s in zips - AFAIK, Google has recently 
started blocking exes, too.

https://support.google.com/mail/answer/6590?hl=en 

Bugs in „popular“ office-productivity software would in practice require 
blocking .doc, .xsl, .ppt etc.
So, it’s not usually done.

I’d be glad that the thing was so noisy. If it was an APT-style attack, you’d 
only realize it months later (or not at all, until MELANI and SWITCH contact 
you, or worse: the press).
Or maybe there’s an APT going on in the background and this was only the decoy 
;-)



_______________________________________________
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
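
One way to implement the "block exe's in zips" check mentioned in the reply, as an added example (not code from the thread or from any mail product). The extension list, nesting limit and the sample message are constructed assumptions; members are checked by name and by MZ header so a renamed executable or a zip inside a zip is still caught.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Constructed, non-exhaustive policy values (assumptions, not from the thread).
BLOCKED_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")
MAX_DEPTH = 3   # how many levels of zip-in-zip to open

def scan_zip(data, depth=0):
    """Return reasons to reject a zip: executables by name or by MZ header."""
    if depth > MAX_DEPTH:
        return ["archive nesting too deep"]
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
        for info in zf.infolist():
            if info.filename.lower().endswith(BLOCKED_EXT):
                hits.append(f"blocked extension: {info.filename}")
            elif info.flag_bits & 0x1:            # encrypted, cannot be inspected
                hits.append(f"encrypted member: {info.filename}")
            else:
                body = zf.read(info)
                if body[:2] == b"MZ":             # PE/DOS executable, renamed
                    hits.append(f"MZ header: {info.filename}")
                elif body[:4] == b"PK\x03\x04":   # zip inside zip
                    hits += scan_zip(body, depth + 1)
    except (zipfile.BadZipFile, NotImplementedError):
        hits.append("unreadable zip")             # fail closed on broken archives
    return hits

def scan_message(raw):
    """Scan every MIME part whose decoded body is a zip, whatever it is named."""
    parts = (p.get_payload(decode=True) for p in message_from_bytes(raw).walk())
    return [h for p in parts if p and p[:4] == b"PK\x03\x04" for h in scan_zip(p)]

def build_sample():
    """Constructed message: zip with a renamed MZ file and a nested zip."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("photo.exe", b"MZ constructed")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("invoice.pdf", b"MZ constructed")
        z.writestr("more.zip", inner.getvalue())
    msg = EmailMessage()
    msg.set_content("see attachment")
    msg.add_attachment(outer.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

A non-empty result from `scan_message()` is the signal to reject or quarantine; the check does not limit decompressed size, so a production filter would add that.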