Another dodgy attachement received in Yahoo mail

[davexnet]

HI, I have Windows Defender running with Avast (sans behavior shield).

Downloaded an attachment from Yahoo mail today.  Yahoo's own AV scan didn't detect it,
(what do they use - Norton) ?
Avast didn't detect it, but Windows Defender caught it during the download.

http://www.virustotal.com/file-scan/report.html?id=aa3602bafcf9f73e92c33a559ce560ec8add36a0453654b36e3bb0987bde6536-1304794336


Who was it who said WD was useless? On the contrary, it seems.

[MAG]

Thanks for the info.

I would say expect at least one supportive comment, and maybe the odd dismissive 'it's got to get lucky sometime' from some others

[spg SCOTT]

Those FedEx ones...oh your delivery info is wrong, download a zip and fill in the info using the exe inside...
Yeah right...

Good catch.

Did you forward it to avast?

The only thing it ever catches on my machine is EICAR

[Pondus]

Yahoo's own AV scan didn't detect it, (what do they use - Norton) ?

yes... and this seems to be very new

First seen: 2011-05-07 18:52:16
Last seen : 2011-05-07 18:52:16

AV vendors are usually quickly updated on these mail malware as they are spreading quick so they all get samples quick
If you scan this again in 48 hours i guess you will have a 90% VT score

[davexnet]

Would you like me to forward the sample?

I have to ask, how is MS beating many AV companies at early detection?
What mechanisms do they have in place?  Is it their SpyNet ?

[Pondus]

Would you like me to forward the sample?

I have to ask, how is MS beating many AV companies at early detection?
What mechanisms do they have in place?  Is it their SpyNet ?

could be.... maybe someone like you sendt them a sample...or one of those working at MS got it in the mail...
everyone knows that when you recive a mail from Fedex/ups/DHL etc, they are sucpious and you need to test it at VT before you open....especially if you dont expect to recive anything

[MAG]

Would you like me to forward the sample?

I have to ask, how is MS beating many AV companies at early detection?
What mechanisms do they have in place?  Is it their SpyNet ?

MS is also an av company. WD reporting back to MS is default, and I believe that with MSE it is mandatory - so I guess that must help.

[davexnet]

Sample sent to Pondus at the email address he provided me.

The point I was trying to make was that MS seems to be beating dedicated security companies
at early detection.

What ever mechanism they're using, it seems to work.

Dave

[Asyn]

1. http://www.virustotal.com/file-scan/report.html?id=aa3602bafcf9f73e92c33a559ce560ec8add36a0453654b36e3bb0987bde6536-1304794336

2. Who was it who said WD was useless?

1. Does anyone get a result with this link..?? If so, please post it, as I get: queued
2. I'm one of them.

[davexnet]

You're right - I'm the one who submitted it.  I merely copied the URL when the report was shown to me.
Is there something else I should be doing to get a permanent report?

[spg SCOTT]

1. http://www.virustotal.com/file-scan/report.html?id=aa3602bafcf9f73e92c33a559ce560ec8add36a0453654b36e3bb0987bde6536-1304794336
...

1. Does anyone get a result with this link..?? If so, please post it, as I get: queued
...

File name:
FedEx.zip
Submission date:
2011-05-07 18:52:16 (UTC)
Current status:
finished
Result:
11/ 40 (27.5%)

avast isn't one of them...

Bear in mind that MS also has hotmail...these are a dime a dozen there...they know what to look for

[davexnet]

Here's a screen print for anybody who cannot see VT properly.

[Asyn]

Here's a screen print for anybody who cannot see VT properly.

Thanks for posting the screnshot, but avast's results are not included...

[Pondus]

sample sendt avast/MBAM/SAS    

and if scanned unzipped 13/42 score
http://www.virustotal.com/file-scan/report.html?id=fc05bf35c198b0c582d2e8a1e43b77f3438d7470c829353aa36e89b53f40f905-1304798763

[Left123]

Fedex,good old Bredolab.