They were replaced with: Osx.Malware.Proton-6377366-1
- Alain

On Fri, Nov 24, 2017 at 7:08 AM, Al Varnell <[email protected]> wrote:

> Begin forwarded message:
> >
> > From: [email protected]
> > Subject: [clamav-virusdb] Signatures Published daily - 24065
> > Date: November 22, 2017 at 5:10:11 PM PST
> > To: [email protected]
> >
> > Dropped Detection Signatures:
> >
> > * Osx.Trojan.Proton-6352640-0
> >
> > * Osx.Trojan.Proton-6352641-0
> >
> > * Osx.Trojan.Proton-6352642-0
> >
> > * Osx.Trojan.Proton-6352643-0
>
> I'm quite confused and concerned about why these are being dropped. All
> added in daily - 23973, 20 Oct.
>
> > $ sigtool -fOsx.Trojan.Proton-6352640-0
> > [daily.hsb] cc3297083ad89cabfd58d251cbbe3ca9:44592:Osx.Trojan.Proton-6352640-0:73
> > $ sigtool -fOsx.Trojan.Proton-6352641-0
> > [daily.hsb] 5f145ed27ec88add379676729cbad15f:2056450:Osx.Trojan.Proton-6352641-0:73
> > $ sigtool -fOsx.Trojan.Proton-6352642-0
> > [daily.hsb] 0ca749b61c7e76e6ec07c33aab01aab3:1175737:Osx.Trojan.Proton-6352642-0:73
> > $ sigtool -fOsx.Trojan.Proton-6352643-0
> > [daily.hsb] ff80d97674e148687affd6a4e3ccf00a:44592:Osx.Trojan.Proton-6352643-0:73
>
> Two of these are a perfect match for samples I personally have of the
> hijacked Elmedia Player that installed OSX.Proton.C as described in this
> Intego blog:
> <https://www.intego.com/mac-security-blog/osxproton-malware-is-back-heres-what-mac-users-need-to-know/>
> and this Malwarebytes blog:
> <https://blog.malwarebytes.com/cybercrime/2017/10/mac-malware-osx-proton-strikes-again/>,
> among others.
>
> They are all broadly detected on VirusTotal by 30 or more scanners.
>
> > VirusTotal
> > <https://www.virustotal.com/en/file/2e6bb8fd7f983dd06fa0c5314a7b105354888f63c60a3205ade6d467cc620dc5/analysis/>
> > <https://www.virustotal.com/en/file/2ec4b1705b690ab8c558e3e8ead8bbd34b1fb1b260a27f40b34718be3b71a3a7/analysis/>
> > <https://www.virustotal.com/en/file/553496aa878821295de7acdd20d6377d39e304651bdd1281c7a7ff15b8f43cad/analysis/>
> > <https://www.virustotal.com/en/file/4d33f4a3c1cbf9cded6a3a096025d0b44905e0308bd3662a496a0701f2ec942d/analysis/>
>
> Can somebody explain why they are being dropped at this time?
>
> -Al-
> --
> Al Varnell
> Mountain View, CA
>
> _______________________________________________
> clamav-users mailing list
> [email protected]
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
