
FedEx email virus? not detected

Today I received an email with a zipped file that pretends to be from FedEx. I had prior knowledge of the "scam" and I'm pretty sure the attached zip is a virus; probably a "Windows OS" virus, but a virus.

Sophos for Mac did not detect any threats, I got no pop ups, nothing.  So I opened Sophos and had it scan the directory that the email is in.  It still did not find it.

Is there a procedure for sending in samples of "suspected" viruses? (I realize that I need to delete the file and email, but was wondering if I could send it in so Sophos can add it to a database or something.)

Thanks.



This thread was automatically locked due to age.
  • That's part of the Bredo family; a botnet that emails out files with names related to FedEx and UPS to infect your Windows computer and join it to the botnet. They update the actual malware multiple times per day.

    In our enterprise products, we block the emails with our email products, the websites with our web appliance, and the malicious attachments with our Antivirus.

    Looking at the details you listed, it appears you have on-access scanning set to scan inside archives... so it is repeatedly detecting the exe INSIDE the zip file. You'll need to delete the zip file or disable in-archive scanning to stop this from happening. I recommend just deleting the email message.

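What looking inside an archive involves, as an added example that is not part of the original thread and is not Sophos code: the zip is read in memory, nothing is extracted or run, and members that look like Windows executables are flagged. The function names, the extension list and the sample file names are assumptions made for illustration; the sample archive is constructed and harmless.

```python
import hashlib
import io
import zipfile

# Extensions Windows will execute or interpret when double-clicked (illustrative list).
RISKY_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk")


def triage_zip(data: bytes) -> dict:
    """Inspect a zip attachment in memory; nothing is written to disk or executed."""
    report = {"sha256": hashlib.sha256(data).hexdigest(), "flagged": []}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            reasons = []
            base = info.filename.lower().rsplit("/", 1)[-1]
            if base.endswith(RISKY_EXTENSIONS):
                reasons.append("executable extension")
                # e.g. "label.pdf.exe": a document-looking name hiding the real type
                if base.count(".") >= 2:
                    reasons.append("double extension")
            if info.flag_bits & 0x1:
                # Password-protected members cannot be inspected without the password
                reasons.append("encrypted member")
            else:
                with archive.open(info) as member:
                    if member.read(2) == b"MZ":  # DOS/PE header magic
                        reasons.append("MZ header")
            if reasons:
                report["flagged"].append((info.filename, reasons))
    return report


def build_sample() -> bytes:
    """Constructed sample: a harmless zip whose member names only mimic the lure."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("FedEx_Label.pdf.exe", b"MZ" + b"\x00" * 62)  # not a real PE
        archive.writestr("readme.txt", b"tracking details")
    return buf.getvalue()


if __name__ == "__main__":
    result = triage_zip(build_sample())
    print("sha256:", result["sha256"])
    for filename, reasons in result["flagged"]:
        print(filename, "->", ", ".join(reasons))
```

The SHA-256 of the whole attachment gives a stable identifier for the file when reporting it, without having to open or forward it again.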