Author Topic: Avast completetly ignoring Teslacrypt.  (Read 16051 times)

0 Members and 1 Guest are viewing this topic.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Avast completetly ignoring Teslacrypt.
« Reply #30 on: March 03, 2016, 08:18:00 PM »
Quote
Why did this malware not get detected?
Read this and other threads and you will know.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Avast completetly ignoring Teslacrypt.
« Reply #31 on: March 03, 2016, 08:30:02 PM »
We had a customer yesterday where Avast Endpoint Protection Suit Plus, failed to detect TeslaCrypt, thus infecting one PC and encrypting all data stored on the company's server shared data. Thank god there was a backup!

Why did this malware not get detected?
There is always a lag between a new infection or a new variant of an older infection and the time that it's deleted.
There is no Perfect AV ! The infection always comes first and the detection always lags behind.




Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2293
Re: Avast completetly ignoring Teslacrypt.
« Reply #32 on: March 04, 2016, 07:45:55 AM »
Hello,
do you have TeslaCrypt malware files to analyze?

Milos

Offline PureITy

  • Jr. Member
  • **
  • Posts: 22
  • I'm a llama!
Re: Avast completetly ignoring Teslacrypt.
« Reply #33 on: March 04, 2016, 01:23:53 PM »
Yes we still have the email that it originated from.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Avast completetly ignoring Teslacrypt.
« Reply #34 on: March 04, 2016, 01:28:01 PM »
Upload attachment to virustotal.com if scanned before click rescan for a fresh result

Post link to scan result here

Offline PureITy

  • Jr. Member
  • **
  • Posts: 22
  • I'm a llama!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Avast completetly ignoring Teslacrypt.
« Reply #36 on: March 04, 2016, 02:18:57 PM »
The scan result is here: https://www.virustotal.com/en/file/1c26e59f92978f9971f1ea250752089869285e4ea375d02cf567138f110365e0/analysis/1457095059/
Seems to be detected now   ;)

However the payload (possible ransomware) we do not know, but i guess Milos is working on it as we speak   ;)




« Last Edit: March 04, 2016, 02:21:57 PM by Pondus »

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2293
Re: Avast completetly ignoring Teslacrypt.
« Reply #37 on: March 04, 2016, 02:21:12 PM »
Thanks for the scan result. From what I see we did not have this document before. We created detection on similar document, but it was released too late for you :-(.
Can I ask how the document was opened? If it was MS Office, which version? What email client was used? Or it was saved from webmail and openned by user and macros were enabled by user?

Milos

Offline PureITy

  • Jr. Member
  • **
  • Posts: 22
  • I'm a llama!
Re: Avast completetly ignoring Teslacrypt.
« Reply #38 on: March 04, 2016, 02:21:55 PM »
Yes it does. The infection happened on Wednesday 2/3/2016. It must have been a new variation which is now being detected.

Offline PureITy

  • Jr. Member
  • **
  • Posts: 22
  • I'm a llama!
Re: Avast completetly ignoring Teslacrypt.
« Reply #39 on: March 04, 2016, 02:25:53 PM »
It came in via email. The email client was Outlook 2013. The user normally is pretty good at blocking such emails, but on this occasion he must have opened the attachment. Lessons learnt as they say!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Avast completetly ignoring Teslacrypt.
« Reply #40 on: March 04, 2016, 02:33:57 PM »
It came in via email. The email client was Outlook 2013. The user normally is pretty good at blocking such emails, but on this occasion he must have opened the attachment. Lessons learnt as they say!
Unfortunately this is still very evident:
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Avast completetly ignoring Teslacrypt.
« Reply #41 on: March 04, 2016, 02:39:38 PM »
It came in via email. The email client was Outlook 2013. The user normally is pretty good at blocking such emails, but on this occasion he must have opened the attachment. Lessons learnt as they say!
always upload attachments and test before you open    ;)

www.virustotal.com  /  www.metascan-online.com  /  www.jotti.org

and if not detected, send it to avast  >>  https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

« Last Edit: March 04, 2016, 02:41:34 PM by Pondus »