Author Topic: New Downloader malware [Solved]  (Read 2649 times)

Offline Yanto.Chiang

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1371
  • Soli Deo Gloria
    • PT Garuda Sinatriya Globalindo
New Downloader malware [Solved]
« on: February 17, 2011, 05:09:30 AM »
Dear All,

I would just like to share that this morning a friend of mine told me that his avast still can't detect a file which he received by email with a subject about tax or some financial stuff.

According to VirusTotal, only 11.6% indicated this file as downloader malware. I share the link: http://www.virustotal.com/file-scan/report.html?id=b6ca07b2df26ff68cb7d252f36c4a550f7cf7f02411e30b37ad31fdf0feeef3f-1297911896

And I uploaded the infected file, password protected, to mediafire: hxtp://www.mediafire.com/?0c11pru141l1m15

Please take note: you may try it if you already realize the danger of this file.

cheers,
« Last Edit: February 19, 2011, 06:22:21 AM by Yanto.Chiang »
Yanto Chiang | IT Security Consultants | AVAST Premium Security | GarudaSinatriya

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33902
  • malware fighter
Re: New Downloader malware
« Reply #1 on: February 17, 2011, 05:35:54 PM »
Hi Yanto.Chiang,

Could you also upload the Lofog downloader malware here: http://subwiz.trendmicro.com/SubWiz/Default.asp (free for non-registered users), as a lot of users have the additional Bitdefender QuickScan in their Google Chrome Browser as it comes with their instance of Quick and Clean extension.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89061
  • No support PMs thanks
Re: New Downloader malware
« Reply #2 on: February 17, 2011, 07:01:15 PM »
@ Yanto.Chiang
Please don't post links to file share sites for malware, as you have no control over who downloads it or what they do with it.

Samples should be sent directly to avast and not use the forum as a quasi malware distribution service.

Latest VT Results 15/43 http://www.virustotal.com/file-scan/report.html?id=b6ca07b2df26ff68cb7d252f36c4a550f7cf7f02411e30b37ad31fdf0feeef3f-1297965381
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

polonus
Re: New Downloader malware
« Reply #3 on: February 17, 2011, 09:21:42 PM »
Agree with DavidR that links to live malware should be uploaded for official detection to avast (this also should be indirectly done through uploading to virustotal and via other av reporting channels.)
What I would rather see is avast detection for it, as there is a lot of activity seen for this malware just now; BitDefender reports Gen:Variant.Kazy.12895 with a 48.28% prevalence on their servers recently via their [Real-time Virus Reporting] - Last 24 hours, see link: http://www.bitdefender.com.au/site/VirusInfo/realTimeReporting/1/mail

So avast detection of it might be urgent. This I conclude from the virustotal link given by DavidR. Is it right that avast does not detect this malware yet?
I reported this earlier here:
http://forum.avast.com/index.php?topic=71384.0

polonus
« Last Edit: February 17, 2011, 09:25:28 PM by polonus »

Yanto.Chiang
Re: New Downloader malware
« Reply #4 on: February 18, 2011, 05:09:03 AM »
@Polonus: Did you mean that I upload through the Suspicious file link?

@DavidR: I am sorry for doing that; let me remove the uploaded file link.

The latest update for this kind of file is already 44.2%, which is about 19 AV engines that have detected this suspicious malware.

source: http://www.virustotal.com/file-scan/report.html?id=b6ca07b2df26ff68cb7d252f36c4a550f7cf7f02411e30b37ad31fdf0feeef3f-1297989173

I got another malware sample which maybe avast does not detect yet, and will submit the report in this thread as well... just hold on a second, let me analyze it first.

cheers,

DavidR
Re: New Downloader malware
« Reply #5 on: February 18, 2011, 02:36:48 PM »
The thing about file sharing sites isn't just that the link is live, but that it is there at all. This forum is a publicly available web site so people can see/browse and we have no control over their actions.

Whilst Milos has edited the link to stop it being active, it is still there; it doesn't take a rocket scientist to change the xx back and gain access. So personally I don't feel it should be there at all; undetected samples should be shared only with avast so that they can add the detections. Other than that, no one else really needs to know.

Yanto.Chiang
Re: New Downloader malware
« Reply #6 on: February 19, 2011, 06:21:44 AM »
Hi David,

Ok, thank you very much for your kind advice.

In the future I will share only with the avast viruslab team. Actually, before I shared in this forum I had already submitted it to virus @ avast . com.

Today, after I retried scanning this file, avast detected it as a trojan gen file.

cheers,