I’ve had three users report browser cache files indicating Swf.Exploit.CVE_2015_3102 infection. All were logging into PayPal at the time.
<https://www.paypal.com/us/cgi-bin/webscr?cmd=_account>

ClamXav Forum topic: <https://www.clamxav.com/BB/viewtopic.php?f=1&t=4169>

Since I was unable to replicate it with my setup I asked one of them to submit the file to VirusTotal
<https://www.virustotal.com/en/file/c9d1856cfddc24fc3c51e5cc023c2cb4575b38a2140a39123438276d18b8561e/analysis/1439865575/>
where only ClamAV identified it as infected and the file details indicate:

> Commonly abused SWF properties
> - The studied SWF file makes use of ActionScript3, some exploits have been
> found in the past targeting the ActionScript Virtual Machine. ActionScript
> has also been used to force unwanted redirections and other badness. Note
> that many legitimate flash files may also use it to implement rich content
> and animations.
> - The flash file uses methods of the ExternalInterface class to communicate
> with the external host of the Flash plugin, such as the web browser.
> - The flash file seems to embed javascript code. In combination with the
> ExternalInterface class usage, this code might be trying to modify the DOM of
> the parent URL embedding the file.

They also uploaded it to your "Report False Positive" page. The MD5 should have been 5d024cc615e2b1c35ce9b2cce77ef481

-Al-
--
Al Varnell
Mountain View, CA
_______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml