It was a trick to get my defenses down. I am now getting exactlyThey all link to:
microsoft.windowslive.com/*a_long_key which seems to be a legit M$
domain
They been hacked ?
From: "sh@dow said:It was a trick to get my defenses down. I am now getting exactlyThey all link to:
microsoft.windowslive.com/*a_long_key which seems to be a legit M$
domain
They been hacked ?
the same messages, this time leading me to a trojan called
www.youtube.com, yeah, with an executable com at the end.
Tested at virustotal, and jotti, heuristics gets it 5/41
Uploading to uploadmalware, for David Lipman to analyze.
[]'s
avast!: Message body was removed because it contained a virus.
Well, it's good to know more AV's recognize it.
There was no malware in that. Presumably Avast didn't like the de-obfuscated script. A
script that could not cause any harm in the body of my post.
From: "Rich Webb said:There was no malware in that. Presumably Avast didn't like the de-obfuscated script.
A
script that could not cause any harm in the body of my post.
Roger that. Thought it was better to ask just in case it wasn't a false
positive, given how easily From lines can be spoofed. FWIW, the Avast
alert was "JS: Banker-P [Trj]."
From: "Shadow said:Well, it's good to know more AV's recognize it.
Trojan banker, via proxy.
Has just about every Brazilian bank I've ever heard of on the
list.
Thanks
[]'s