[clamav-users] Swf.Exploit.CVE_2015_3102 FP

Ángel González angel at av.16bits.net
Fri Aug 21 13:56:58 EDT 2015


Al Varnell wrote:
> I’ve had three users report browser cache files indicating
> Swf.Exploit.CVE_2015_3102 infection.  All were logging into PayPal at
> the time.
> <https://www.paypal.com/us/cgi-bin/webscr?cmd=_account>

My first doubt was wether they were logging into the legitimate PayPal
site, but apparently they were.

The Swf.Exploit.CVE_2015_3102 signature matches the file at
 hxxps://www.paypal.com/en_US/m/mid.swf


PayPal seems to have modified the file in the meantime, though. Al
reported the file was 5d024cc615e2b1c35ce9b2cce77ef481 /
c9d1856cfddc24fc3c51e5cc023c2cb4575b38a2140a39123438276d18b8561e
The one I downloaded is b0a5b791ee0a61b5bab74c8772e227e0 /
 75c2934018c742de4c902ad377be8edb7473266bacbb20e6407368676b9330a9



More information about the clamav-users mailing list