[clamav-users] Swf.Exploit.CVE_2015_3102 FP

Ángel González angel at av.16bits.net
Fri Aug 21 13:56:58 EDT 2015

Al Varnell wrote:
> I’ve had three users report browser cache files indicating
> Swf.Exploit.CVE_2015_3102 infection.  All were logging into PayPal at
> the time.
> <https://www.paypal.com/us/cgi-bin/webscr?cmd=_account>

My first doubt was whether they were logging into the legitimate PayPal
site, but apparently they were.

The Swf.Exploit.CVE_2015_3102 signature matches the file at

PayPal seems to have modified the file in the meantime, though. Al
reported the file was 5d024cc615e2b1c35ce9b2cce77ef481 /
The one I downloaded is b0a5b791ee0a61b5bab74c8772e227e0 /
