News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
 
 91 
 on: August 21, 2014, 01:19:20  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

UPS - data breach at 51 locations
- http://www.reuters.com/article/2014/08/20/united-parcel-cybercrime-idUSL4N0QQ5CF20140820
Aug 20 2014 - "UPS Store Inc, a unit of United Parcel Service Inc, warned of a potential data breach at about 51 of its franchised center locations in 24 states across the United States. There was no evidence of fraud arising from the incident, the company said. UPS Store said customers who used a credit or debit card at the stores between Jan. 20 and Aug. 11 may have been exposed to a malware identified in the company's systems at the locations. The company said the customer information that may have been exposed includes names, postal addresses, email addresses and payment card information. The UPS Store network is a franchise system of retail shipping, postal, print and business service centers in the United States. UPS Store has about 4,470 franchised center locations in the United States. UPS Store said the period of exposure to the malware began after March 26 at most of the locations. The malware was eliminated as of Aug. 11 and customers can shop securely at the company's locations, UPS Store said. The malware intrusion was notified by the U.S. government, the company said, adding it was among many other retailers alerted by the government. The malware was not present on the computing systems of any other UPS business entities, UPS Store said..."

- http://www.theupsstore.com/security/Pages/default.aspx
"... impacted center locations, along with the timeframe for potential exposure to this malware at each location..."

> https://www.us-cert.gov/ncas/alerts/TA14-212A
Last revised: Aug 18, 2014
___

- http://atlas.arbor.net/briefs/index#-966807597
High Severity
21 Aug 2014


 92 
 on: August 20, 2014, 06:31:01  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Apache OFBiz 12.04.04 released
- http://www.securitytracker.com/id/1030739
CVE-2014-0232
Aug 19 2014
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes 
Version(s): 12.04.* prior to 12.04.04, 11.04.* prior to 12.04.04 ...

> https://ofbiz.apache.org/download.html


 93 
 on: August 20, 2014, 05:13:56  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Azure cloud restored after major outage...
- http://www.theinquirer.net/inquirer/news/2360970/microsofts-azure-cloud-restored-after-suffering-a-major-outage
Aug 19 2014 - "Microsoft's Azure Cloud Service has encountered partial, and in some cases complete, outages around the world. Twitter users have reported Azure being slightly wobbly for the past few days, and then last night a number of outage reports were posted on the Azure service status webpage*..."
* https://azure.microsoft.com/en-us/status/#history
___

Also see: "September 2014" - same URL as above.
___

- http://www.netskope.com/blog/84-european-security-practitioners-report-dont-believe-cloud-service-providers-notify-immediately-intellectual-property-business-confidential/
Sep 17, 2014 - "84% of European IT and security practitioners report that they don’t believe their cloud service providers would notify them immediately if their intellectual property or business confidential information were breached. This finding is from our most recent report entitled “Data Breach: The Cloud Multiplier Effect in European Countries,” a collaboration with research firm the Ponemon Institute*. It highlights the profound lack of trust that European IT professionals have in the cloud, and the significant hurdle the industry must overcome for those professionals to get comfortable with the massive cloud adoption that is happening in enterprises across the region."
* http://www.ponemon.org/blog/can-a-data-breach-in-the-cloud-result-in-a-larger-and-more-costly-incident


 94 
 on: August 20, 2014, 03:05:21  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Cryptolocker flogged on YouTube
- http://www.theregister.co.uk/2014/08/20/cryptolocker_flogged_on_youtube/
20 Aug 2014 - "Cryptolocker is being flogged over YouTube by vxers who have bought advertising space... researchers made the discovery while monitoring YouTube and website banners for instances where malware writers had actually purchased space to foist their wares on -unpatched- web users. The duo who will present at the upcoming Virus Bulletin 2014 conference in Seattle wrote in a paper advertisement networks was a viable way to flog virus and trojans. "We conclude that ad networks could be leveraged to aid, or even be substituted for current exploit kits," they said. Purchased ad space was a cheap and effective means of foisting browser malware allowing attackers to filter victims by language, location, and interests, VB reported. Malware contained in ads could be obfuscated and then unleashed once conditions like operating systems, browser versions and other elements were met.
> http://regmedia.co.uk/2014/08/19/tghfgh55.png
CryptoLocker surfaced in September distributed through Gameover ZeuS. It encrypted important files such as images and documents on compromised Windows machines before demanding that victim pay up to $500 in BitCoins within 72 hours for the private keys necessary to unlock files. CryptoLocker used AES symmetric cryptography to encrypt the files and encrypted the AES key with an RSA-2048 bit public key generated on its server side. It came as -malvertisers- were caught flinging malware over Yahoo! ad networks*...
> http://regmedia.co.uk/2014/08/19/fghji87y6t.png
... Many excess ad spaces were flogged through affiliates which may accept advertisements without checking the authenticity of the buyer nor the code to be run. Even those that do could end up foisting malware if they failed to detect an attackers' code alterations made after the purchase in order to quietly slip in the malware. The research pair said there was very little advertising networks could do to prevent the attacks."
* http://www.theregister.co.uk/2014/08/11/cryptowall_malvertising_yahoo_ad_network/

> https://www.virusbtn.com/conference/vb2014/abstracts/KashyapKotovNavaraj.xml
___

Fake Order SPAM – PDF malware
- http://myonlinesecurity.co.uk/order-pdf-malware/
20 Aug 2014 - "'Order – PDF' which comes as an email with a subject of order-6539-8.20.2014.pdf ( where the number is random & the date changes daily ) is another one from the current zbot runs which try to drop cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... These emails have no body content and just a subject of order-6539-8.20.2014.pdf ( the number is random ) They appear to come from a load of common first names with weird characters form the second part of the alleged senders... previous post about this type of attack:
- http://myonlinesecurity.co.uk/infected-malformed-pdf-attachments-emails/
Today’s version although it pretends to be a PDF file is actually a zip file that probably either use some unknown exploit to extract it or the bad actors sending today’s malware have misconfigured the botnet sending it and it won’t automatically extract at all so users will be safe...
20 August 2014: order-6539-8.20.2014.pdf (84 kb) Extracts to order 8.20.2014.exe
Current Virus total detections for pdf is : 2/50* . Current Virus total detections for the extracted .exe : 2/53** . This is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustotal.com/en/file/f84c3bb9f4dcb2961193ad4cdbcd7e882a14f0e19a5f8f68c8aa8c5bd73ba7e0/analysis/1408523288/

** https://www.virustotal.com/en/file/3e135db147e93080de32d3bc5eb27049dec5542493062cc2c7e338d901ddf559/analysis/1408523722/
___

'Reveton' ransomware adds powerful password stealer
- https://www.computerworld.com/s/article/9250503/_Reveton_ransomware_adds_powerful_password_stealer
Aug 20, 2014 - "A type of malware called Reveton, which -falsely- warns users they've broken the law and demands payment of a fine, has been -upgraded- with powerful password stealing functions, according to Avast*. Reveton is in a class of nasty programs known as "ransomware," which includes the notorious Cryptolocker program that encrypts a computer's files. The FBI issued a warning about Reveton in August 2012 after its Internet Crime Complaint Center was flooded with complaints. The malware often infects computers via drive-by download when a person visits a website rigged to automatically exploit software vulnerabilities. Users are helpless after the computer is locked, with Reveton demanding a few hundred dollars as ransom payable various web-money services... The version of Reveton analyzed by Avast also has another password stealer from the Papras family of malware. It's not as effective as Pony but can disable security programs, the company wrote on its blog*. This particular sample of Reveton was pre-programmed to search a web browser's history and cookies to see if the user had visited online sites of 17 German banks... Around February 2013, an ethnic Russian man was arrested in Dubai upon request of Spanish police for allegedly coordinating Reveton campaigns, netting... US$1.3 million. Ten other people were also arrested on money laundering charges for allegedly laundering the proceeds and transferring funds to Russia, according to Trend Micro**."
* http://blog.avast.com/2014/08/19/reveton-ransomware-has-dangerously-evolved/

** http://blog.trendmicro.com/trendlabs-security-intelligence/key-figure-in-police-ransomware-activity-nabbed-2/
___

Linux Trojan makes the jump to Windows
- http://www.theinquirer.net/inquirer/news/2361245/chinese-linux-trojan-makes-the-jump-to-windows
Aug 20 2014 - "... the original malware known as "Linux.Dnsamp" is a Distributed Denial of Service (DDoS) Trojan, which, according to the company blog*, transfers between Linux machines, altering the startup scripts, collecting and sending machine configuration data to the hackers' server and then running silently waiting for orders. Now it appears that the same hackers have ported the Trojan to run in Windows as "Trojan.Dnsamp.1"**. The Windows version gains entry to the system under the guise of a Windows Service Test called "My Test 1". It is then saved in the system folder of the infected machine under the name "vmware-vmx.exe". When triggered, just like its Linux counterpart, the Trojan sends system information back to the hackers' central server and then awaits the signal to start a DDoS attack or start downloading other malicious programs... Although the threat of malware is an everyday hazard to most computer users, to find an attack on Linux is much rarer, and to find any kind of malware that has been ported from one operating system to another is almost unheard of... Project Shield***, an initiative designed to help smaller web servers fight off DDoS attacks."
* http://news.drweb.com/show/?i=5760&c=23&lng=en&p=1

** http://news.drweb.com/show/?i=5903&lng=en&c=14

*** https://projectshield.withgoogle.com/en/


 95 
 on: August 19, 2014, 12:49:18  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Java 8u20 released
- http://www.oracle.com/technetwork/java/javase/downloads/index.html
Aug 19, 2014

Release Notes
- http://www.oracle.com/technetwork/java/javase/8u20-relnotes-2257729.html

Java JRE 8u20 download
- http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html

(-still-) Recommended Version 7 Update 67
- https://www.java.com/en/download/manual.jsp


 96 
 on: August 19, 2014, 09:09:00  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Fake Companies House Spam
- http://threattrack.tumblr.com/post/95187807503/companies-house-annual-return-spam
Aug 19, 2014 - "Subjects Seen:
   (AR01) Annual Return received
Typical e-mail details:
   Thank you for completing a submission Reference # (9586474).
        (AR01) Annual Return
    Your unique submission number is 9586474
    Please quote this number in any communications with Companies House.
    Check attachment to confirm acceptance or rejection of this filing.


Malicious File Name and MD5:
    AR01_021434.scr (3324B40B5D213BEC291F9F86F0D80F64)
    AR01_021434.zip (7D65D78B6E35843B6FF3C4C46BAAC37A)


Screenshot: https://gs1.wac.edgecastcdn.net/8019B6/data.tumblr.com/342609410f7d088e77e269adf8ed8b38/tumblr_inline_nak1zyZubX1r6pupn.png

Tagged: Companies House, Upatre
___

JPMorgan Chase Secure Message Spam
- http://threattrack.tumblr.com/post/95215399913/jpmorgan-chase-secure-message-spam
Aug 19, 2014 - "Subjects Seen:
   Daily Report - August 19, 2014
Typical e-mail details:
   This is a secure, encrypted message.
    Desktop Users:
    Open the attachment (message_zdm.html) and follow the instructions.
    Mobile Users:
    Voltage secure mail is not currently supported on mobile devices. If you experience issues, please access your secure message from a fully functional browser.


Malicious URLs:
    192.241.124.71 /securemail/jpmchase.com/formpostdir/Java/Java_update.exe

Malicious File Name and MD5:
    message_zdm.html (550CB01F07DB2363437C8627697C6B1F)
    Java_update.exe (38d75db0a575891506b1ff0484a03cd0)


Screenshot: https://gs1.wac.edgecastcdn.net/8019B6/data.tumblr.com/332320ce00484e282636a9e2d20b0764/tumblr_inline_naklp7JVOT1r6pupn.png

192.241.124.71: https://www.virustotal.com/en/ip-address/192.241.124.71/information/

Tagged: JPMorgan, Chase, Dyreza
___

- http://myonlinesecurity.co.uk/jpmorgan-chase-co-daily-report-august-19-2014-malware/
Aug 19 2014 - "'JPMorgan Chase & Co Daily Report – August 19, 2014' pretending to come from various names at @ jpmorgan .com is another one from the current zbot runs which try to drop cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... email looks like:

Screenshot: http://myonlinesecurity.co.uk/wp-content/uploads/2014/08/Daily-Report-August-19-2014.png

... the html attachment that comes with the email looks like the below and clicking the link hidden behind the Click to read message button leads to a fake Java_update.exe
> http://myonlinesecurity.co.uk/wp-content/uploads/2014/08/Daily-Report-August-19-2014_2.png
Todays Date: Java_update.exe .. Current Virus total detections: 5/53*  
All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email... careful when unzipping them and make sure you have “show known file extensions enabled“, And then look carefully at the unzipped file. If it says .EXE then it is a problem and should -not- be run or opened..."
* https://www.virustotal.com/en/file/003529bb37382ad19d22b39d3295e297220c21d59418eb1b861ac3a7fb012a96/analysis/
___

Fake Evernote extension serves Ads
- https://blog.malwarebytes.org/intelligence/2014/08/fake-evernote-extension-serves-advertisements/
Aug 19, 2014 - "... a Multiplug PUP that installs a -fake- Evernote browser extension. Fellow researchers can find the link to this sample on VirusTotal here*...
> https://blog.malwarebytes.org/wp-content/uploads/2014/08/cert_info.png
When you execute the PUP, it silently installs a web extension for the Google Chrome, Torch, and Comodo Dragon browsers. The extension takes the form of three obfuscated JavaScript files and one HTML file. The picture shows these files installed in Chrome’s extension directory on a Windows 7 PC.
> https://blog.malwarebytes.org/wp-content/uploads/2014/08/chrome_ext_files.png
... The extension that’s installed is called “Evernote Web,” just like the real extension from Evernote.com. When taking a look at the Chrome extensions page, we can see the extension installed there with the ID “lbfehkoinhhcknnbdgnnmjhiladcgbol,” just like the real Evernote Web extension.
> https://blog.malwarebytes.org/wp-content/uploads/2014/08/evernote.png
Clicking “Visit website” directs the user to the chrome webstore page for the actual Evernote Web extension. Chrome believes the real extension is installed, as verified by the Launch App button. When clicking this button with the fake extension installed, nothing happens, whereas normally the user is met with an Evernote log in screen.
> https://blog.malwarebytes.org/wp-content/uploads/2014/08/fake_evernote_chrome_store.png
On the surface, it may seem like the pop ups and advertisements are coming from the websites themselves, but are in fact from the fake Evernote web extension.
Fortunately, removing the extension is a simple task. For Chrome users, simply visit the extensions page and click the picture of a garbage can, and you’re done. You also might want to run a free scan using your Antivirus or Anti-malware programs (like Malwarebytes Anti-Malware) to make sure there wasn’t anything -else- added while you had the extension."
*  https://www.virustotal.com/en/file/6a15febcf9a963a2c5122a71d690b5987f78d59b7e9bc5f28f991ce53043fbf4/analysis/
___

Fake Scotiabank SPAM – PDF malware
- http://myonlinesecurity.co.uk/scotiabank-new-instructions-international-local-transfers-fake-pdf-malware/
18 Aug 2014 - "Scotiabank New Instructions for International and local transfers pretending to come from Mallerlyn Bido <mallerlyn.bido@ scotiabank .com> is another one from the current zbot runs which try to drop cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... Email reads:
   Dear Clients
    Hereby we inform you that starting next Tuesday, August 19 all instructions of local and international transfers that are sent to our institution must be completed by a transfer form specifically allocated for the purpose, which will be replacing the letter instruction tend to complete.
    This new document has been implemented to meet international requirements and simultaneously control to make their operations safer.
    We take this opportunity to inform you that the operations of International Transfers can be made via our internet platform banking the need to complete these types of forms.
    Annex find the forms that apply to transfers in USD and EUR as well as the form used for ACH transfers manuals with some notes to use as a guide to complete. These templates can be saved for you with your details for future use.(See attached file: Outgoing Global.doc Form) (See attached file: Outgoing JPM.doc Form) (See attached file: Form ACH..doc) ...
Best regards,
Mallerlyn Bido | Gerente Soporte al Cliente | BSC ...


18 August 2014: New Instructions for International and Local transfers.zip ( 8kb) :
Extracts to New Instructions for International and Local transfers.exe
Current Virus total detections: 3/52* . This Scotiabank New Instructions for International and local transfers is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustotal.com/en/file/2d844bbc8af9af835423ef9d862d86eac7f2f07812c0e0b263124de9e9d98b68/analysis/1408393889/


 97 
 on: August 18, 2014, 18:20:40  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

August 2014 Security Bulletin Webcast Q&A
- http://blogs.technet.com/b/msrc/archive/2014/08/18/august-2014-security-bulletin-webcast-and-q-amp-a.aspx
18 Aug 2014 - "Today, we published the August 2014 Security Bulletin webcast questions and answers page*... We answered ten questions on air, with the majority focusing on the update for Internet Explorer... We are aware of some issues related to the recent updates and are working on a fix. For more information please read KB 2982791**..."

* http://blogs.technet.com/b/msrc/p/aug-2014-security-bulletin-q-a.aspx
Aug 13, 2014

** https://support.microsoft.com/kb/2982791
Last Review: Aug 19, 2014 - Rev: 4.2


 98 
 on: August 18, 2014, 07:49:09  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Breach at Community Health Systems - data on 4.5M stolen in cyber attack
- http://www.reuters.com/article/2014/08/18/us-community-health-cybersecurity-idUSKBN0GI16N20140818
Aug 18, 2014 - "U.S. hospital operator Community Health Systems Inc said on Monday personal data, including patient names and addresses, of about 4.5 million people were stolen by hackers from its computer network, likely in April and June. The company said the data, considered protected under the Health Insurance Portability and Accountability Act, included patient names, addresses, birth dates, telephone numbers and Social Security numbers. It did not include patient credit card or medical information, Community Health Systems said in a regulatory filing. It said the security breach had affected about 4.5 million people who were referred for or received services from doctors affiliated with the hospital group in the last five years. The FBI warned healthcare providers in April that their cybersecurity systems were lax compared to other sectors, making them vulnerable to hackers looking for details that could be used to access bank accounts or obtain prescriptions... The company said it and its security contractor, FireEye Inc unit Mandiant, believed the attackers originated from China. They did not provide further information about why they believed this was the case. They said they used -malware- and other technology to copy and transfer this data and information from its system..."
___

- https://www.trustedsec.com/august-2014/chs-hacked-heartbleed-exclusive-trustedsec/
Aug 19, 2014 - "... a breach at Community Health Systems (CHS) affecting an estimated 4.5 million patients was recently revealed. TrustedSec obtained the first details on how the breach occurred and new information relating to this breach. The initial attack vector was through the infamous OpenSSL “heartbleed” vulnerability which led to the compromise of the information... This is the first confirmed breach of its kind where the heartbleed bug is the known initial attack vector that was used..."

- http://www.reuters.com/article/2014/08/20/us-community-health-cybersecurity-idUSKBN0GK0H420140820
Aug 20, 2014 - "... Heartbleed is a major bug in OpenSSL encryption software that is widely used to secure websites and technology products including mobile phones, data center software and telecommunications equipment. It makes systems vulnerable to data theft by hackers who can attack them without leaving a trace..."
___

- http://atlas.arbor.net/briefs/index#-1319592123
High Severity
21 Aug 2014


 99 
 on: August 16, 2014, 01:51:29  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

MS14-045 - See "Known issues" ...
- https://support.microsoft.com/kb/2982791
Last Review: August 19, 2014 - Revision: 4.2 - "... Status:
Microsoft has -removed- the download links to these updates while these issues are being investigated...
Mitigations: Open the Programs and Features item in Control Panel, and then click View installed updates. Find and then -uninstall- any of the following updates that are currently installed:
    KB2982791
    KB2970228
    KB2975719
    KB2975331 ..."
(More detail at the URL above.)

- https://technet.microsoft.com/library/security/ms14-045
V2.0 (August 15, 2014): Bulletin revised to -remove- Download Center links for Microsoft security update 2982791. Microsoft recommends that customers -uninstall- this update. See the Update FAQ for details.
V3.0 (August 27, 2014): Bulletin rereleased to announce the replacement of the 2982791 update with the 2993651 update* for all supported releases of Microsoft Windows. See the Update FAQ for details.


 100 
 on: August 15, 2014, 06:14:30  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Fake Barclays SPAM - Trojan.Ransom.ED
- http://blog.mxlab.eu/2014/08/15/fake-email-transaction-completed-from-barclays-contains-trojan-ransom-ed/
Aug 15, 2014 - "... intercepted a new trojan distribution campaign by email with the subject “Your transaction is completed”. This email is sent from the spoofed address “Barclays.NET” <support@ barclays .net> and has the following body:
    Transaction is completed. 8678 GBP has been successfully transfered.
    If the transaction was made by mistake please contact our customer service.
    Payment receipt is attached.
    *** This is an automatically generated email, please do not reply ***
    Barclays.Net 2013 Corporation. All rights reserved.


The attached ZIP file has the name Payment receipt 1534465.zip and contains the 70 kB large file Payment receipt 8821991.exe (note: file name may vary with each email). The trojan is known as Trojan.Ransom.ED or Mal/Generic-S. At the time of writing, 2 of the 54 engines did detect the trojan at Virus Total*..."
* https://www.virustotal.com/en/file/baa52d35dd98c788729f661c9c9d7b4053fcbdb3083943b9d517b83fe38063a6/analysis/1408097500/
___

Fake VOIP SPAM - Word macro script
- http://blog.mxlab.eu/2014/08/15/fake-email-from-voip-inc-installs-trojan-downloader-using-word-macro-script/
Aug 15, 2014 - "... intercepted a campaign by email with the subject “Your Order No 355253536 | Mob Inc.” which includes a malicious Word document that allows the installation of a trojan downloader using the macro functionality from Word. This email is sent from the spoofed addresses and has the following body:
    Thank you for ordering from VOIP Inc.
    This message is to inform you that your order has been received and is currently being processed.
    Your order reference is 488910845598.
    You will need this in all correspondence.
    This receipt is NOT proof of purchase.
    We will send a printed invoice by mail to your billing address.
    You have chosen to pay by credit card. Your card will be charged for the amount
    of 805.74 USD and “VOIP Inc.”
    will appear next to the charge on your statement.
    Your purchase information appears below in the file.


The attached ZIP file has the name Order.zip and contains the 41 kB large file Order.Doc. The Order.Doc is a genuine Word document but the file contains a malicious macro feature. Once opening the Word document, instructions are given on how to enable the content and activate the -malicious- macro script... The downloader is known as W97M/Downloader, MO97:Downloader-DU, VBA/TrojanDownloader.Agent.AL, Trojan-Downloader:W32/Agent.DVCR, Trojan-Downloader.VBA.Agent or Trojan.Mdropper. At the time of writing, 8 of the 53 AV engines did detect the trojan downloader at Virus Total*..."
* https://www.virustotal.com/en/file/af8694825d3d7eb470255b9dd858e6544ac54df9295bb373bc8205e8fe27722c/analysis/1408099896/
