Eset reactive

[fidelius2 3]

Hello,

In the evening of June 29, my firewall alerts a suspicious program wants to connect to internet. I run an anti malware software which confirms that this newly created file is a trojan. Nod32 does not detect it.

I follow the protocol given by Eset to submit them a maybe infected file (samples@eset.com). Today, on 30 june, I look at virusradar.com and notice that it has been added to the 10024 virus definition database.

Well done Eset. As you can see, do not hesitate to send them a suspicious file because it is not a waste of time.

[Arakasi 549]

Thanks for posting, and thanks for sharing with us.

Thanks for also submitting your harmful file so the rest of us can be protected.

[SweX 871]

Great, thanks for sharing.  

 

Sorry for asking but i'm curious where from did that suspicious file come from, by simply visiting a site, a download, e-mail etc.. do you know? 

 

Did you upload it to Virustotal?

[fidelius2 3]

 

Great, thanks for sharing.  

 

Sorry for asking but i'm curious where from did that suspicious file come from, by simply visiting a site, a download, e-mail etc.. do you know? 

 

Did you upload it to Virustotal?

 

Simply by opening Firefox 10.0.12 ESR with javascript enabled. The start page I have chosen is clean (political) but a new executable file was created in the temp folder. Maybe a malicious redirection, all I can say is that it is related with the browser. And yes I uploaded it to virustotal and only 2 reported it as trojan (not Eset yet).

[SweX 871]

Hmm....intresting. Good that you uploaded it to VT then the other vendors on VT should get the sample as well...eventually.

 

Thanks 

[Marcos 5,074]

Under what name is the malware detected?

[rugk 397]

It's really nice that you share it with us.

 

But now I'm also greedy for knowing which malware it was...

[fidelius2 3]

Win32/PSW.Papras.CK (wiupdat.exe or another random name)

[Arakasi 549]

Yup, added June 30