New phishing scam?


8 replies to this topic

#1 Trakeen

Trakeen

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tyler, TX
  • Local time:01:36 PM

Posted 15 January 2014 - 09:58 PM

Please move where needed if I'm in the wrong area:

 

Got this e-mail, today, from waynegardenar@aol.com, and looks like a virus to me:

 

During the past months, facebook has been under attack so you are urged to install the attached application. It will initiate a trusted connection to our servers so your location will be secure. /div>
We are attempting to contact all of our members urgently but our emailing resources are moderate. Our site will be very grateful if you could mail the attached application to your friends and family asap.

 

--------------

 

Attached was a zip file named ron.zip, containing ron.exe.

 

Can upload zip wherever needed if anybody wants to look at it.
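The attachment pattern reported above (a zip whose only member is an executable) can be checked without unpacking anything to disk. This is an added example, not part of the original post: the message, sender address and file contents are constructed, and `build_sample_message` and `triage` are hypothetical helper names. The SHA-256 it reports is the kind of identifier a multi-engine scanning service indexes a file by.

```python
import hashlib
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows will run directly; an illustrative list, not exhaustive.
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")
PLACEHOLDER = b"MZ constructed placeholder bytes, not a real program"


def build_sample_message(member="ron.exe"):
    """Constructed stand-in for the reported e-mail: a zip attachment with one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, PLACEHOLDER)
    msg = EmailMessage()
    msg["From"] = "sender@example.com"  # constructed address
    msg["Subject"] = "Security update"
    msg.set_content("Please install the attached application.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="ron.zip")
    return msg.as_bytes()


def triage(raw):
    """Report executable members inside zip attachments, reading them only in memory."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.filename.lower().endswith(EXECUTABLE_EXT):
                    continue
                encrypted = bool(info.flag_bits & 0x1)
                # Password-protected members cannot be hashed, but are still reported.
                digest = None if encrypted else hashlib.sha256(zf.read(info)).hexdigest()
                findings.append({"attachment": part.get_filename(), "member": info.filename,
                                 "encrypted": encrypted, "sha256": digest})
    return findings


if __name__ == "__main__":
    for finding in triage(build_sample_message()):
        print(finding)
```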





#2 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:05:36 AM

Posted 15 January 2014 - 10:31 PM

definitely malware.

 

if you are with aol you already have a trusted connection to their servers, that's how you get internet. also, aol has far from moderate email resources... lol

 

some of the malware team might be interested in analysing the file.



#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:36 PM

Posted 15 January 2014 - 10:50 PM

Hello Trakeen please Submit a Malware Sample
 
 
Let's also get a second opinion: submit it to one of the following online services that analyze suspicious files:

In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.

#4 Trakeen

Trakeen
  • Topic Starter

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tyler, TX
  • Local time:01:36 PM

Posted 16 January 2014 - 10:15 PM

Thanks guys.  I had a good laugh when I first started reading it.  Loved the /div>



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,749 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:36 PM

Posted 16 January 2014 - 10:25 PM


Email & Attachments: How to Protect Yourself Tips from Microsoft:

Email & Attachments: Other Resources for How to Protect Yourself:
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 Trakeen

Trakeen
  • Topic Starter

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tyler, TX
  • Local time:01:36 PM

Posted 16 January 2014 - 10:39 PM

Well, the scan results from the other sites are kinda sad, but the file was detected by 4 or 5 different vendors.

 

http://virusscan.jotti.org/en/scanresult/1f650c6305fcbc3e4c6a55d5152e5541aba35522

https://www.virustotal.com/en/file/a75ca3a36880339b72467cf33af0f9ed111e672c0e466943f5318076ff9255c0/analysis/1389928681/

 http://r.virscan.org/report/bf9edc16560860ae919de5a493619d3b.html



#7 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:05:36 AM

Posted 16 January 2014 - 11:29 PM

I would believe these results though, especially being flagged as a trojan by Kaspersky and a VNC agent by ESET...

VirusTotal is the best for this type of file analysis IMHO.



#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,749 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:36 PM

Posted 17 January 2014 - 06:10 AM

Looks to be more of a generic detection.

Generic detections are usually a heuristics engine detection of possible new variants of malware before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware which allows the anti-virus to detect and stop it before doing any harm to your system. Heuristic scanning methods vary depending on the vendor. Some claim to allow emulation of the file's activities in a virtual sandbox. Others scan the file more intensively, searching line by line inspecting the code in a file to see if it contains virus-like characteristics. If the number of these characteristics/instructions exceeds a pre-defined threshold, the file is flagged as a possible virus. Generic detections are generally seen having numerous variants, ending with different alpha/numerical characters representing additional information - see Microsoft Malware Protection Center Naming Standards.

* Eset: Heuristic Analysis—Detecting Unknown Viruses
* Kaspersky: What is heuristic analysis
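The threshold idea described in the post above, as an added example that is not part of the original post and not any vendor's engine: a static scan counts weighted characteristics in a file's bytes and flags the file only when the total exceeds a cut-off. The characteristics, weights, threshold and entropy limit are hypothetical values chosen for illustration.

```python
import math
from collections import Counter

# Hypothetical characteristics and weights, for illustration only.
SUSPICIOUS_STRINGS = {
    b"CreateRemoteThread": 3,
    b"WriteProcessMemory": 3,
    b"SetWindowsHookEx": 2,
    b"URLDownloadToFile": 2,
    b"\\CurrentVersion\\Run": 2,
}
THRESHOLD = 5  # pre-defined cut-off (assumed value)


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; packed or encrypted content approaches 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan(data: bytes):
    """Return (score, reasons, verdict) for one file's bytes."""
    score, reasons = 0, []
    for needle, weight in SUSPICIOUS_STRINGS.items():
        if needle in data:
            score += weight
            reasons.append(needle.decode())
    # Entropy is only meaningful on a reasonably large buffer.
    if len(data) >= 256 and entropy(data) > 7.2:
        score += 2
        reasons.append("high entropy")
    verdict = "possible virus (generic)" if score > THRESHOLD else "not flagged"
    return score, reasons, verdict


# Constructed byte strings standing in for files; none is a real program.
UPDATER = b"MZ text editor; update check uses URLDownloadToFile"
BORDERLINE = b"MZ CreateRemoteThread URLDownloadToFile"
INJECTOR = b"MZ CreateRemoteThread WriteProcessMemory"

if __name__ == "__main__":
    for name, blob in [("updater", UPDATER), ("borderline", BORDERLINE), ("injector", INJECTOR)]:
        print(name, scan(blob))
```

The borderline sample scores exactly at the cut-off and is not flagged, which is why a new variant can slip under a generic rule until the vendor ships a specific definition.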

#9 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:05:36 AM

Posted 17 January 2014 - 08:21 AM

great info quietman :thumbup2:





