[clamav-users] javascript ZIP virus not caught?
Al Varnell
alvarnell at mac.com
Tue Mar 15 20:57:27 UTC 2016
There is at least one earlier discussion concerning the lack of response to submitted javascript samples, perhaps a month ago (sorry don’t have time to track it down at the moment). As I outlined earlier, there haven’t been many .js signatures to date, and hardly any recent ones that were not considered PUA. Disturbing.
-Al-
On Tue, Mar 15, 2016 at 01:52 PM, TR Shaw wrote:
>
> AL,
>
> I am seeing lots of different version of ransomware .js downloaders (telescript, locky, and many others and variants) for which I have been feeding the CalmAV team and creating sigs pushed out as winnow sigs in Steve’s feed. I can tell you that all that I have and am feeding have not been detected by ClamAV when I detected them.
>
>> On Mar 15, 2016, at 2:15 PM, Al Varnell <alvarnell at mac.com> wrote:
>>
>> That’s the KeRanger ransomeware which we dealt with last weekend. Not related to Teslacrypt AFAIK.
>>
>> -Al-
>>
>> On Tue, Mar 15, 2016 at 10:45 AM, Dennis Peterson wrote:
>>>
>>> Already in the wild.
>>>
>>> http://www.foxnews.com/tech/2016/03/07/new-mac-os-x-ransomware-targets-apple-users.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2370 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20160315/893749f7/attachment.bin>
More information about the clamav-users
mailing list