Malware warning

Recently I’ve been receiving e-mails containing .zip file attachments which contain malware. Just as a test, today I decided to save all the zip files to a folder and manually scan them.

I first extracted one of the files which revealed an .exe file with a filename consisting of a long string of numbers, then scanned it using VirusTotal uploader, which in my opinion is the best scanner although unfortunately it only works manually and does not do system scans or offer any realtime protection.

Sure enough, VirusTotal basically lit up from the file. You can see the result here.

So then I did a manual scan of the file with Avast Free antivirus, which is what I’ve been using and recommending to friends for years. However, Avast did not detect anything. This is odd, because if you look at the VirusTotal result above, it shows that Avast did pick it up. So what the hell is going on? Is there some weird misconfiguration of my Avast instance? I checked and no, there wasn’t.

Somewhat miffed by this, I then decided to install Bitdefender Free. Guess what? The same thing happened. It failed to detect anything. And again, the VirusTotal result did say that Bitdefender detected something.

Not one to be defeated, I then installed ClamWin. Once again I ran a manual scan and, once again, it failed to detect anything. In this case VirusTotal also says that its version of ClamAV failed to detect anything, although that is still not a good sign.

So what is going on? This makes no sense to me and is rather alarming.

At this point I feel like installing more AV programs and seeing if I can get at least one to detect the malware.

Update: I just scanned a second file with Bitdefender which was a .js file and this time it did detect.

I then unzipped a second file which revealed another .exe with a long filename consisting of numbers, and again Bitdefender failed to detect anything.

So: Whatever this .exe is which is being spread via e-mail spam in a .zip file attachment, it seems pretty bad.

I know that most people know not to click on stuff, but still it’s quite disconcerting that virus scanners are missing serious threats which they should be picking up.

Update 2: Installed AVG Free and it seems to be working well, detected everything. Not sure what happened with Avast. I did set an exclusion for the folder that contained the malware, however when I ran the manual scan on the files it should have run and detected it. It appeared to run and claimed to have found nothing.


