Author Topic: Spam not detected (Read 2712 times)

jefferson sant · « **on:** March 18, 2019, 01:41:59 AM »

GloboPlay for only 4.99 monthly. First week free!

Only here you marathon the best series, spy the BBB and do not lose your novel.for only $ 4.99 / month.

WELCOME 7 DAYS FREE

Promotional price valid for 12 months. After, $ 24.90 / month. You can cancel online anytime.

https://www.virustotal.com/gui/url/3c172e4d513a7aaaae7b72daa6ec19613453b04076f6bd88a5f23d566baa79a8/detection

DavidR · « **Reply #1 on:** March 18, 2019, 01:57:01 AM »

What spam where ?

If you are talking about Avast for windows - As far as I'm aware the Mail Shield doesn't detect spam.

Whilst the Avast plug-in/add-on for MS Outlook can look for Spam and the user can mark it as spam. I don't use MS Outlook so I can't speak from personal experience.

The VT results aren't conclusive 2 detections but one is a bit iffy anyway. Plus the VT results are looking at a site, not an email.

jefferson sant · « **Reply #2 on:** March 18, 2019, 03:05:42 AM »

Hi DavidR.

The message comes from an webmail, I do not have MS Outlook.The above text tells and site something that i myself maybe could not classify as phishing or Scam.Website content is legitimate, but the one that was injected a window of a Java update and I do not see this shown after 12.02.2019.

Diagnosing solutions and problems
We detected that you are using an old version 42 released in April 2017, Oracle has disabled the default way browsers support plugins.
Start the update

What we have this file jre-8u205-bin-win-x86.cmd when accessing the option update.

https://www.virustotal.com/gui/file/ef4ff0820cc58db3e75cb77dd1213e9b192d352ea69a9b39a56bbeb2edcd59b7/detection

avast did not detect when scanning and run there was no detection by the of the Shields in a VM.

it's attached

DavidR · « **Reply #3 on:** March 18, 2019, 11:30:56 AM »

This is certainly strange, it may be that avast doesn't like the redirect. Or something to do with JAVA, I have long since abandoned JAVA as it is such a huge target for malware attack.

Do you actually have JAVA installed and more importantly do you actually use it ?

Websites have pretty much stopped using it, but some programs are JAVA based or require it. I don't know if it is a legitimate call to update the JAVA Runtime Environment (JRE), or if this is what avast is concerned with.

jefferson sant · « **Reply #4 on:** March 18, 2019, 11:30:27 PM »

the test was on a machine that had Java recent installed , but the plugin was disabled in the browser, message was a distraction to try,intention of the coup that nothing connects one thing with another,but of course it was not an application legitim and after the execution of the file cmd ,malware created, the file name placed according to the user's account name in PC.

User.vbs

https://www.virustotal.com/gui/file/6edc86be47a1631cf7a77756173fe49803e37062bb0a2d31440b786726dc6b44/detection

polonus · « **Reply #5 on:** March 18, 2019, 11:57:16 PM »

Hi jefferson sant,

Have a hunch it is Mirai bot related, awful lot of that going on lately.

pol

DavidR · « **Reply #6 on:** March 19, 2019, 12:01:28 AM »

@ jefferson sant
It could still be trying to get out even with the browser plugin disabled, given that at first it was reporting it was out of date.

The of the VT, most generic/heuristic and many have the same malware name (more of an indication they are using the same virus database), lowering the effective number of detections. Yet Avast isn't detecting it but is possibly blocking attempts to connect to a site that avast considers suspect.

I would certainly suggest uninstalling JAVA and not just disabling the browser add-on.

I have no idea if this is Mirai bot related or not or if it uses JAVA to reach out.

jefferson sant · « **Reply #7 on:** March 19, 2019, 12:15:51 AM »

Hi polonus

The file vbs,there is an address of an image likely to a news or rumor.

"bbb19 globo pronounced after opening of inquiry on racism"

@DavidR

Thanks for the suggestion.

DavidR · « **Reply #8 on:** March 19, 2019, 02:26:51 AM »

You're welcome.

The general recommendation is, if you don't have a specific reason to have JAVA installed I would certainly uninstall it (essential requirement in a program or a site that requires JAVA (I would be looking for a replacement program or site).

TrueIndian · « **Reply #9 on:** March 25, 2019, 07:58:21 AM »

The samples dont run just crash so no chance for behavior shield to come into play.Submitted to virus lab.

jefferson sant · « **Reply #10 on:** March 26, 2019, 03:15:44 AM »

Quote from: TrueIndian on March 25, 2019, 07:58:21 AM

The samples dont run just crash so no chance for behavior shield to come into play.Submitted to virus lab.

Hello TrueIndian.

The samples not crashed and run,same what there no detection,for lack of mode unauthorized on behavior shield would prevent the changes from being made and capture information such as the machine name or other actions malicious.

TrueIndian · « **Reply #11 on:** April 03, 2019, 05:22:43 PM »

Hey there ! Have you re-submitted the sample? Is it detected now??

jefferson sant · « **Reply #12 on:** April 04, 2019, 04:17:34 AM »

Quote from: TrueIndian on April 03, 2019, 05:22:43 PM

Hey there ! Have you re-submitted the sample? Is it detected now??

Analysis they were submitted in the vírus chest in 13.02.2019.
I sent on the 27.02.2019 and later 03.03.2019 through in the contact form https://www.avast.com/en-us/report-malicious-file.php

No detection yet.

Author Topic: Spam not detected (Read 2712 times)

jefferson sant

Spam not detected

DavidR

Re: Spam not detected

jefferson sant

Re: Spam not detected

DavidR

Re: Spam not detected

jefferson sant

Re: Spam not detected

polonus

Re: Spam not detected

DavidR

Re: Spam not detected

jefferson sant

Re: Spam not detected

DavidR

Re: Spam not detected

TrueIndian

Re: Spam not detected

jefferson sant

Re: Spam not detected

TrueIndian

Re: Spam not detected

jefferson sant

Re: Spam not detected