I just receveid an Email from a Fake American Express with an Zip Attachment so I decided to save it and scan it with WSA and it was detected Wed 24-04-2013 14:18:08.0916 Infection detected: c:usersdanieldownloadssecuremail.zip/securemail.exe [MD5: 6870FD8FD2B2BEDD83E218D9E7E4DE8B] [3/00080001] [W32.Rogue.Gen] so I uploaded to VirusTotal to see the results15/46 https://www.virustotal.com/en/file/550b36fc4079a353a3b7dbae9580cf8a7f3798db4d02801d3392e974378fd651/analysis/1366827581/ but allot of the big hitters sort of to say it's still not detected. Great Job Webroot as I get so many of these Fake emails and my ISP uses Norton AntiVirus and does not catch them 99% of the time. ;) Note: Don't do this at home kids unless you know what you are doing.
TH
Fake American Express Email
+56
Seems quite a few big names missed it... tsk tsk.
😉
😉
+56@DavidP wrote:Yes I agree and the thing is WSA does not wast time scanning email but if the Attachment is unzipped WSA jumps on it like a Pit Bull or is that John Bull or Red Bull? 😉 As most people should just delete them but if not and they are using WSA they are well protected in any event. Some people call me a fanboy on other forums but the proof is in the pudding they just have to understand how WSA really works it's the future and it's here now!
Seems quite a few big names missed it... tsk tsk.
;)
Daniel
I admit, when I first heard about Webroot's approach, I was not sold on it nor convinced it would be effective.@ wrote:
Yes I agree and the thing is WSA does not wast time scanning email but if the Attachment is unzipped WSA jumps on it like a Pit Bull or is that John Bull or Red Bull? 😉 As most people should just delete them but if not and they are using WSA they are well protected in any event.
Daniel
I am sold on it now, it really does work without making your computer work overtime.
+56@DavidP wrote:It's a 712kb download for the PC version installs in about a minute or two and auto updates in a flash of an eye and 2 to 5MB's of Ram usage. Like Joe said in one PC Mag article most Bitmap Image's are bigger than the install file. LOL
I admit, when I first heard about Webroot's approach, I was not sold on it nor convinced it would be effective.@ wrote:
Yes I agree and the thing is WSA does not wast time scanning email but if the Attachment is unzipped WSA jumps on it like a Pit Bull or is that John Bull or Red Bull? 😉 As most people should just delete them but if not and they are using WSA they are well protected in any event.
Daniel
I am sold on it now, it really does work without making your computer work overtime.
Daniel
I actually enjoy getting files like that so I can play with them a little bit. Sometimes run the in a virtualized enviornment and see what changes it makes and who can really catch it. So far, Webroot has been the best of the lot, catching some files that other "Big-Name" products do not.
Daniel, I am glad WSA stood up and secured your machine. Moreover WSA was between the first to caught this malware! Great work Webroot folks.
We saw that on the 24th of April, we regularly see stuff bad before other AV`s. That file itself has a Adobe icon uses about 8mb of RAM when initiall run. Seems it drops a file in the users app data and creates a shell entry for said file. I was hoping it was going to do something exiting and cool.
I ❤️ ❤️ WEBROOT. 😃@ wrote:
we regularly see stuff bad before other AV`s.
Mac Mini, M-4, 24 GB Memory, 1 TB SSD, macOS Sequoia 15.7.2 ~ Clone & Backup with: SuperDuper - Time Machine & iCloud. PWM: RoboForm. 👁¿👁 Spam Annihilater 👁¿👁
+6It's always a bummer when you run a malware sample and it's designed to be super-simple to evade AV heuristics. No fun in that.
I endorse the site malwr.com as a first-line sandbox to make sure the malware is juicy.
I endorse the site malwr.com as a first-line sandbox to make sure the malware is juicy.
---------------------------------------- Business Products Sr. Community Leader and Expert Advisor - WSA-Enterprise administrator over 2000 clients First company to 1000+ WSA endpoints | Power User / Business Ambassador / WSA-C and WSA-E Beta tester Find me on Twitter!
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.