Wednesday, 12 November 2014

Word malware continues

Word document-based malware continues to change its format.

Here are the latest two versions...

This one "from" Sandra Whitmore of Nazarethcare:



And this one "from" Soo Sutton of Power EC Ltd:



Note that in both cases Thunderbird is showing an unknown size for the document.

Once again, Sanesecurity.Malware.24528.DocHeur works a treat and blocks them before
they can do any damage.

Malware Detected as: Sanesecurity.Malware.24528.DocHeur
ClamAV 3rd Party signatures: http://sanesecurity.com
#clamav #sanesecurity #malware


Thursday, 6 November 2014

Fake Amazon Word document malware

Just received some Word document malware, supposedly from Amazon...



It was blocked by an existing signature...

Malware Detected as: Sanesecurity.Malware.24528.DocHeur
ClamAV 3rd Party signatures: http://sanesecurity.com
#clamav #sanesecurity #malware

Current MD5 hashes...

1b952f7556a5046a03f2d77877dcf507
d078b7afea87ceefc5064200a5412ae4
ef3aadf9aa910b00d99614b8cef7df0f

VirusTotal result (5/54) @ 12.29

Tuesday, 4 November 2014

Remittance Advice November Word malware

More malware-infected Word documents are on their way...


From: "Doreen Todd"
Subject: Remittance Advice November WT1841041R
Reply-To: "Doreen Todd"


Dear Sir/Madam

Please find attached the details of the payment credited to your account
for the sum of 1739.67 GBP

Regards


Doreen Todd

Accounts Payable Department DUCO


Malware Detected as: Sanesecurity.Malware.24528.DocHeur
ClamAV 3rd Party signatures: http://sanesecurity.com
#clamav #sanesecurity #malware  


12:26: VirusTotal Results: 12, 3 and 4
15:41: Eset have just added detection, so after 3 hours we have 1/54 AVs picking it up