Keep getting emails from live com


Shadow

They all link to:
microsoft.windowslive.com/*a_long_key
which seems to be a legit M$ domain

They been hacked ?
 
They all link to:
microsoft.windowslive.com/*a_long_key which seems to be a legit M$
domain

They been hacked ?
It was a trick to get my defenses down. I am now getting exactly
the same messages, this time leading me to a trojan called
www.youtube.com, yeah, with an executable com at the end.
Tested at virustotal, and jotti, heuristics gets it 5/41
Uploading to uploadmalware, for David Lipman to analyze.
[]'s
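
A defensive check for the file-name trick described in the post above, as an added example that is not part of the original thread: it classifies the file a link would download and singles out names that end in the executable `.com` extension yet read like a host name. The sample links and the host `files.example.net` are constructed, and the extension list is an assumption.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Extensions Windows runs directly (assumed list); ".com" doubles as a TLD.
EXECUTABLE_EXTS = {"com", "exe", "scr", "pif", "bat", "cmd"}
# One DNS label: letters, digits, inner hyphens, at most 63 characters.
HOST_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")

# Constructed sample links; files.example.net is a placeholder host.
SAMPLE_LINKS = [
    "http://www.youtube.com/",
    "http://files.example.net/video/www.youtube.com",
    "http://files.example.net/dl/www%2Eyoutube%2Ecom?id=1",
    "http://files.example.net/setup.EXE",
    "http://files.example.net/report.pdf",
]


def looks_like_hostname(name):
    """True for dotted names made only of valid DNS labels, e.g. www.youtube.com."""
    labels = name.lower().split(".")
    return len(labels) >= 2 and all(HOST_LABEL.fullmatch(l) for l in labels)


def classify_link(url):
    """Return 'hostname-lookalike', 'executable' or 'ok' for the linked file."""
    # Judge the last path segment, not the host: that is the name saved to disk.
    filename = posixpath.basename(unquote(urlsplit(url).path))
    if "." not in filename:
        return "ok"
    ext = filename.rsplit(".", 1)[1].lower()
    if ext not in EXECUTABLE_EXTS:
        return "ok"
    if ext == "com" and looks_like_hostname(filename):
        return "hostname-lookalike"
    return "executable"


def flag_links(links):
    """Return (url, verdict) pairs for every link that is not 'ok'."""
    flagged = []
    for url in links:
        verdict = classify_link(url)
        if verdict != "ok":
            flagged.append((url, verdict))
    return flagged
```

The real site's own URL passes because its path carries no file name; only a downloaded file named like the site is flagged.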
 
From: "sh@dow" said:
They all link to:
microsoft.windowslive.com/*a_long_key which seems to be a legit M$
domain

They been hacked ?
It was a trick to get my defenses down. I am now getting exactly
the same messages, this time leading me to a trojan called
www.youtube.com, yeah, with an executable com at the end.
Tested at virustotal, and jotti, heuristics gets it 5/41
Uploading to uploadmalware, for David Lipman to analyze.
[]'s

Got it - Thanx !

Report to follow.
 
There was no malware in that. Presumably Avast didn't like the de-obfuscated script. A
script that could not cause any harm in the body of my post.

Roger that. Thought it was better to ask just in case it wasn't a false
positive, given how easily From lines can be spoofed. FWIW, the Avast
alert was "JS: Banker-P [Trj]."
 
From: "Rich Webb" said:
There was no malware in that. Presumably Avast didn't like the de-obfuscated script. A
script that could not cause any harm in the body of my post.

Roger that. Thought it was better to ask just in case it wasn't a false
positive, given how easily From lines can be spoofed. FWIW, the Avast
alert was "JS: Banker-P [Trj]."

Quite apropos label, since if you examine the script it does have to do with banks,
specifically Brazilian, and it was deobfuscated from an obfuscated JavaScript.
 