Al Varnell wrote:
> I’ve had three users report browser cache files indicating
> Swf.Exploit.CVE_2015_3102 infection. All were logging into PayPal at
> the time.
> <https://www.paypal.com/us/cgi-bin/webscr?cmd=_account>

My first doubt was whether they were logging into the legitimate PayPal site, but apparently they were.

The Swf.Exploit.CVE_2015_3102 signature matches the file at
hxxps://www.paypal.com/en_US/m/mid.swf

PayPal seems to have modified the file in the meantime, though.

Al reported the file was
5d024cc615e2b1c35ce9b2cce77ef481 / c9d1856cfddc24fc3c51e5cc023c2cb4575b38a2140a39123438276d18b8561e

The one I downloaded is
b0a5b791ee0a61b5bab74c8772e227e0 / 75c2934018c742de4c902ad377be8edb7473266bacbb20e6407368676b9330a9