Hi Mike recently Geodo was doing this in Switzerland. Direct your customers to https://www.swiss-isa.ch/en/security-check/
and ask them to go through the check. There is a "second opinion" scanner in the test, which detects and cleans a lot of stuff AV does not yet see. Could you send me one of the exe's? I'd like to run them through our analysis system. Cheers Serge On 16.4.15 16:54 , Mike Kellenberger wrote: > Hi all > > I've been contacted by a couple of customers which caught a new virus in > the last few days, sent by e-mail in a .zip file containing an .exe. > (yes, there are still people out there who open these kind of > attachments if they come from a known address) > > The .zip file passes our AV on the mailserver (Kaspersky) as well as our > desktop AV (Symantec) with the newest definitions. > > Once infected, it spreads via e-mail (probably through the outlook > e-mail profile, it authenticates nicely against our mailserver anyway) > blasting out hundreds of mails in a single short session only to sleep > again until the next day... > > Has anybody else seen this? Is there a name or details or cure fo it yet? > > Regards, > > Mike > -- SWITCH ----------------------- Dr. Serge Droz, Head Security Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland phone +41 44 268 15 63, fax +41 44 268 15 78 serge.d...@switch.ch, http://www.switch.ch Security-News: http://securityblog.switch.ch _______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog