[clamav-users] Swf.Exploit.CVE_2015_3102 FP
alvarnell at mac.com
Tue Aug 18 01:32:51 EDT 2015
I’ve had three users report browser cache files indicating Swf.Exploit.CVE_2015_3102 infection. All were logging into PayPal at the time.
ClamXav Forum topic: <https://www.clamxav.com/BB/viewtopic.php?f=1&t=4169>
Since I was unable to replicate it with my setup I asked one of them to submit the file to VirusTotal
where only ClamAV identified it as infected and the file details indicate:
> Commonly abused SWF properties
> - The studied SWF file makes use of ActionScript3, some exploits have been found in the past targeting the ActionScript Virtual Machine. ActionScript has also been used to force unwanted redirections and other badness. Note that many legitimate flash files may also use it to implement rich content and animations.
> - The flash ﬁle uses methods of the ExternalInterface class to communicate with the external host of the Flash plugin, such as the web browser.
They also uploaded it to your "Report False Positive" page. The MD5 should have been 5d024cc615e2b1c35ce9b2cce77ef481
Mountain View, CA
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3569 bytes
Desc: not available
More information about the clamav-users