It was a trick to get my defenses down. I am now getting exactly
the same messages, this time leading me to a trojan called www.youtube.com, yeah, with an executable com at the end.
Tested at VirusTotal and Jotti; heuristics gets it 5/41.
Uploading to uploadmalware, for David Lipman to analyze.
[]'s
Well, it's good to know more AVs recognize it.
Trojan banker, via proxy.
Has just about every Brazilian bank I've ever heard of on the
list.
Thanks
[]'s
Roger that. Thought it was better to ask just in case it wasn't a false
positive, given how easily From lines can be spoofed. FWIW, the Avast
alert was "JS: Banker-P [Trj]."
Quite an apropos label, since if you examine the script it does have to do with banks,
specifically Brazilian, and it was deobfuscated from an obfuscated JavaScript.