Since the password has to be included for the victim to be able to decrypt, it ought to be possible to automatically find the password in the email. Of course, eventually the criminals will start hiding the password in some way that a human can easily find it, but non-AI automation can't.
On Tue, 22 Dec 2020 03:46:13 -0800 Al Varnell via clamav-users <clamav-users@lists.clamav.net> wrote:

> When you submit it, be sure to include the password so that the ClamAV
> signature team can properly assess it and provide a hash signature for the zip
> file.
>
> -Al-
>
> > On Dec 22, 2020, at 03:32, Alessandro Vesely via clamav-users
> > <clamav-users@lists.clamav.net> wrote:
> >
> > Hi all,
> >
> > today I received a message with an encrypted zip attachment. I saved the
> > attachment and loaded it to VirusTotal, where no scanner detected anything:
> > https://www.virustotal.com/gui/file/2cef2c979e60c1e2892e6a494814dd65db14c2076102279e6e74737d36c115a5/detection
> >
> > Then I unzipped the file using the password given in the message text,
> > uploaded the only extracted file and got plenty of VBA / W97M malware:
> > https://www.virustotal.com/gui/file/99b352442e1351334d5e68e7f12469dc7f2790e6ae44b05be7dcd03739211f1f/detection
> >
> > I spare reporting this malware to ClamAV, as it seems hopeless to me. Am I
> > wrong?
> >
> > Best
> > Ale
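The automation this message suggests, as an added example that is not code from the thread or from ClamAV: it pulls password candidates out of the mail body with a regular expression and tries each one against the attachment with Python's zipfile, so that the decrypted members can be handed to the scanner instead of the opaque archive. The mail text and the archive are constructed here (the standard library reads ZipCrypto but cannot write it, so the fixture builds the archive by hand).

```python
import io, re, struct, zipfile, zlib

_PW_RE = re.compile(r"\b(?:password|passwd|pass|pw|code)\b\s*(?:is|:|=)?\s*[\"']?([^\s\"']+)", re.I)

def password_candidates(body: str) -> list:
    """Ordered, de-duplicated tokens that follow 'password', 'pass', 'pw' or 'code' in a mail body."""
    return list(dict.fromkeys(m.group(1).rstrip(".,;:)") for m in _PW_RE.finditer(body)))

def open_with_candidates(zip_bytes: bytes, candidates):
    """Try each candidate; return (password, {member: plaintext}) or None if none fits."""
    for cand in candidates:
        pwd = cand.encode("utf-8")
        try:
            with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
                return pwd, {n: zf.read(n, pwd=pwd) for n in zf.namelist()}
        except (RuntimeError, zipfile.BadZipFile):  # wrong key: check byte or CRC mismatch
            continue
    return None

def _crc_byte(crc, b):
    crc ^= b
    for _ in range(8):
        crc = (crc >> 1) ^ (0xEDB88320 if crc & 1 else 0)
    return crc

def _zipcrypto(pwd: bytes, plain: bytes) -> bytes:
    """Traditional PKWARE stream cipher, the inverse of zipfile's decrypter."""
    k = [0x12345678, 0x23456789, 0x34567890]
    def update(c):
        k[0] = _crc_byte(k[0], c)
        k[1] = ((k[1] + (k[0] & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        k[2] = _crc_byte(k[2], k[1] >> 24)
    for c in pwd:
        update(c)
    out = bytearray()
    for p in plain:
        t = k[2] | 2
        out.append(p ^ (((t * (t ^ 1)) >> 8) & 0xFF))
        update(p)
    return bytes(out)

def make_encrypted_zip(name: bytes, data: bytes, pwd: bytes) -> bytes:
    """Constructed fixture: one stored member whose 12-byte crypt header ends with the CRC's high byte."""
    crc = zlib.crc32(data)
    body = _zipcrypto(pwd, b"\0" * 11 + bytes([crc >> 24]) + data)
    local = struct.pack("<4s2B4HL2L2H", b"PK\3\4", 20, 0, 1, 0, 0, 0, crc, len(body), len(data), len(name), 0) + name + body
    cdir = struct.pack("<4s4B4HL2L5H2L", b"PK\1\2", 20, 0, 20, 0, 1, 0, 0, 0, crc, len(body), len(data), len(name), 0, 0, 0, 0, 0, 0) + name
    return local + cdir + struct.pack("<4s4H2LH", b"PK\5\6", 0, 0, 1, 1, len(cdir), len(local), 0)

MAIL_BODY = "Dear customer,\nyour order (reference code 7781) is ready; the invoice is attached\nas a protected archive. Password: Inv0ice2020\n"  # constructed
ATTACHMENT = make_encrypted_zip(b"invoice.doc", b"Sub AutoOpen()\r\n' placeholder macro text\r\nEnd Sub\r\n", b"Inv0ice2020")  # constructed
RESULT = open_with_candidates(ATTACHMENT, password_candidates(MAIL_BODY))  # the decoy "7781" is tried and rejected first
```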