Gary V wrote:
> I received an email with a password protected .rar file that claims to
> contain an .exe file that I should run in order to protect me from an
> undetected worm. I submitted it and it was recognized as
> Email.Phishing.RB-686. The only other anti virus vendor to recognize it
> at this moment is McAfee (W32/[EMAIL PROTECTED]). Without opening the
> attachment, it seems to me there is a possibility this is more serious
> than a Phishing class of malware. Is this worth further evaluation? If
> so, who should I send it to?
>
> Gary V

The file inside the archive is already detected. The rar archive is a bit manipulated. The samples I checked so far can't be unpacked with WinRAR for example, also the Linux version of rar has certain problems with it.

I added this as Email.Phishing.RB to make sure the signature will be removed after some time since it's very ugly, needs a lot of performance and *maybe* could cause a false positive - I checked it with ~75.000 mails and got none, but you never know.

So even if a user receives such a mail, he/she must be very creative to infect her/his system. I added the signature anyway since we received a lot of reports. Phishing is for sure not the right term to describe it, I just used it for practical reasons.

--
Best regards,
Christoph
mailto:[EMAIL PROTECTED]