Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Best Buy

Dec 3, 2014 3:38AM PST

Received an infected email today. Sender as "Best Buy", subject as "Order Confirmation". Inside was a zip file called Bestbuy_Order_ID_6484460MN.zip, and using Linux engrampa I discovered it has an executable zip file inside it called "Bestbuy_Order.exe", which contained the files .data, .rdata, .reloc and .text and a folder, .rsrc. The file was 149.5 kb in size.

Inside the .rsrc folder were 2 folders, ICON and GROUP_ICON.

MSE on XP doesn't recognize it as a threat. Reported to Symantec with the file.

Just Curious...
Dec 3, 2014 11:19AM PST

Did you scan the zip file or the .exe with any other antivirus or antispyware programs? Like ESET or any of the other options available... Just curious whether ANYTHING found the problem.

And just a note: Carol posted about this issue in her "News" thread at the link below. Apparently, you were blessed to see the problem a little sooner than many...

http://forums.cnet.com/7726-6132_102-5634772.html

Hope this helps.

Grif

Yes, I did.
Dec 3, 2014 12:45PM PST

clamtk on Linux didn't detect a problem, MSE on XP didn't detect it as a problem, so I sent it to Symantec and got this back.
================================================================
We have processed your submission (Tracking #) and your submission is now closed. The following is a report of our findings for the files in your submission:

Submission Summary

Files Submitted

# | Filename | MD5 | Determination | Signature Protection Name | RR Seq#
1 | BestBuy_Order_ID_6484460MN.zip | 0xA4E33F6770DF8F93C31E895D5F9373BD | Archive | N/A | N/A
2 | BestBuy_Order.exe | 0x7DA5BDD80FE618511F97618045068407 | AlreadyDetected | Packed.Generic.463 | N/A

Developer Notes:


BestBuy_Order_ID_6484460MN.zip is a container file e.g. archive, email

BestBuy_Order.exe is detected by Symantec AV products with the latest definitions.

Assessment

File1: BestBuy_Order_ID_6484460MN.zip
MD5: 0xA4E33F6770DF8F93C31E895D5F9373BD
SHA-1: 0x9867D8B0D3A38245D3B1AD85EC520DFA82048225
Determination: See Dev Notes
Submission Detail: Please see the developer notes.

File2: BestBuy_Order.exe
MD5: 0x7DA5BDD80FE618511F97618045068407
SHA-1: 0x458CA8EC68AC1AA5607B0799DD26F230217C7B16

Determination: AlreadyDetected

Submission Detail: This file is detected as Packed.Generic.463 with our existing certified LiveUpdate definitions.

Signature Protection Name: Packed.Generic.463

Live Update Sequence Number: 159461

This message was generated by Symantec Security Response automation.

Should you have any questions about your submission, please contact our regional technical support from the Symantec Web site, and give them the tracking number included in this message.

Symantec Technical Support

http://www.symantec.com/techsupp/

Sincerely,

Symantec Security Response

Don't open those types of mails
Dec 3, 2014 1:09PM PST

These are spammers, and they send malicious files or software in emails. They send viruses in them. When you run .exe files on your PC, your PC is in the danger zone. They capture your personal data and information on your PC without your permission.

(NT) thank you. I certainly won't.
Dec 3, 2014 1:27PM PST
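
The inspection described in the first post (looking inside the zip without running anything) and the MD5/SHA-1 values quoted in the Symantec reply can be reproduced with a short script. This is an added example, not part of the original thread; the function names, the extension list, the size limit and the inert sample archive are constructed for illustration.

```python
import hashlib
import io
import struct
import zipfile

EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")
MAX_MEMBER = 50 * 1024 * 1024  # refuse members whose declared size is larger

def pe_sections(data):
    """Return the PE section names in data, or None if it is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 24:
        return None
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    table = pe_off + 24 + opt_size  # section table follows the optional header
    rows = [data[table + 40 * i: table + 40 * i + 8] for i in range(nsect)]
    return [r.rstrip(b"\0").decode("ascii", "replace") for r in rows if len(r) == 8]

def triage_zip(blob):
    """Inspect a zip attachment in memory; nothing is extracted to disk or run."""
    report = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.file_size > MAX_MEMBER:
                raise ValueError(f"{info.filename}: member too large to inspect")
            data = zf.read(info)
            sections = pe_sections(data)
            report.append({
                "name": info.filename, "size": info.file_size,
                "md5": hashlib.md5(data).hexdigest().upper(),
                "sha1": hashlib.sha1(data).hexdigest().upper(),
                "sections": sections or [],
                "executable": sections is not None or info.filename.lower().endswith(EXEC_EXTS),
            })
    return report

def constructed_sample():
    # Constructed, inert stub: MZ/PE headers and section names only, no code.
    names = [b".text", b".rdata", b".data", b".rsrc", b".reloc"]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x102)
    table = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in names)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample_order.exe", dos + coff + table)
        zf.writestr("readme.txt", "hello")
    return buf.getvalue()
```

For a real attachment, pass the saved file's bytes to `triage_zip()` and compare the reported MD5 and SHA-1 with the values a vendor returns for the submission.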