SI's Utter Failure to Detect Malware

mearvk · January 18, 2013, 7:49pm

Got a FedEx email today which was fake telling me I had a package that needed to be picked up. Could tell it was fake from the follow-thru link which is:

Mod edit: Malicious Link Removed

So I right click the Web Inspector option and do that. Here is the report stating no malware or malicious activity was found:

Please note that there is a zip file automatically downloaded which is malicious when you visit the original menze.com site. This is a big time failure. Even running the attachment thru a free anti-virus shows it to be malicious.

So, my issue is that the Site Inspector doesn’t mark it as dangerous (1) and (2) that I can’t even copy the links in the Site Inspector page for inclusion in this forum post. I have to literally do an ‘inspect element’ in my email window to get the data.

I’d say you guys have some very fundamental issues here that need immediate attention.

Chiron494 · January 19, 2013, 4:56pm

I removed the link, although you can contact an active Mod and ask for the link. Note that posting live malware in the public portions of the forum is against forum policy. Below I have posted links to the analysis of the file downloaded from that site.

VirusTotal Results
Valkyrie Results
CIMA Results

mearvk · January 19, 2013, 9:43pm

I was thinking it would be nice to have a piece of software that when you label it as spam it does a whois query, finds the owner(s) and hosting company and fires off an email with these results in it.

Is that anywhere on Comodo’s radar?