Hi

On Monday 15 February 2010 at 9:15:38 PM, in
<mid:[email protected]>, Peter Meyns wrote:


> For a couple of weeks I have been getting warnings from
> Avira about C:\Documents and Settings\user\Local
> Settings\Temp\batHEX.tmp, where HEX is a hexadecimal
> number from one to three digits. According to Avira it
> contains signs of an "HTML/Spoofing.Gen". It only
> occurs when The Bat! downloads messages, but it
> doesn't always occur when downloading messages. Any
> ideas?

> I don't really worry about this, as Avira blocks it
> anyway, I'm just curious. Is this The Bat!'s problem or
> Avira's?  

My guess is either you are sometimes receiving emails containing a
malicious script in connection with a phishing/URL spoofing scam, or
it's a false positive.



Googling "HTML/Spoofing.Gen" the first result is at 
http://www.avira.com/en/threats/section/fulldetails/id_vir/4139/html_spoofing.gen.html
 
and I quote:-

     Special detection  HTML/Spoofing.Gen

     Description:
     
     A Homepage can use an HTML trick to fool the user. This is called
     "spoofing". Very often the URL of a homepage is not displayed
     correctly and the user thinks he is visiting a banking site. In
     reality he visits a page created by the malware author which
     looks like a banking site to steal users' identities and
     passwords.

     Version history:     
     The following engine updates were released in order to enhance
     detection:

   •  7.08.00.04   ( 08/04/2007 )
   •  7.09.00.04   ( 15/10/2008 )
   •  7.09.00.26   ( 05/11/2008 )

   [snipped most of the list]
   
   •  7.09.01.146/8.02.01.146   ( 20/01/2010 )
   •  7.09.01.150/8.02.01.150   ( 22/01/2010 )
   •  7.09.01.156/8.02.01.156   ( 01/02/2010 )

Note the latest update to improve detection was a couple of weeks ago.


One of my search results was a post from an Outlook user who was
getting that warning when sending/receiving mail last May, and another
was from somebody a year ago who was getting that same warning when
opening PayPal's website (no mention of which browser but some of the
info suggests it exploits an IE vulnerability).

-- 
Best regards

MFPA                    mailto:[email protected]

No matter where you go, there you are.

Using The Bat! v4.0.38 on Windows XP 5.1 Build 2600  


________________________________________________
Current version is 4.2.23 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html
