There is at least one earlier discussion concerning the lack of response to submitted javascript samples, perhaps a month ago (sorry don’t have time to track it down at the moment). As I outlined earlier, there haven’t been many .js signatures to date, and hardly any recent ones that were not considered PUA. Disturbing.
-Al- On Tue, Mar 15, 2016 at 01:52 PM, TR Shaw wrote: > > AL, > > I am seeing lots of different version of ransomware .js downloaders > (telescript, locky, and many others and variants) for which I have been > feeding the CalmAV team and creating sigs pushed out as winnow sigs in > Steve’s feed. I can tell you that all that I have and am feeding have not > been detected by ClamAV when I detected them. > >> On Mar 15, 2016, at 2:15 PM, Al Varnell <alvarn...@mac.com> wrote: >> >> That’s the KeRanger ransomeware which we dealt with last weekend. Not >> related to Teslacrypt AFAIK. >> >> -Al- >> >> On Tue, Mar 15, 2016 at 10:45 AM, Dennis Peterson wrote: >>> >>> Already in the wild. >>> >>> http://www.foxnews.com/tech/2016/03/07/new-mac-os-x-ransomware-targets-apple-users.html
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
