Using Firefox, I downloaded a zip file from my Yahoo mail even though I was suspicious about it (Yes I know stupid thing to do). What made me do that is that the Norton notification that is part of Yahoo did not show any issues (it had the normal tick on it).
So I downloaded the file, but I did a google search on the domain from which it appeared to have been sent, and apparently it's a spoof address and there is a trojan involved !
This is the address it is spoofing: ticket_support.3@lw.com and the file name that I downloaded is: Court_Notice_Latham_and_Watkins__NY18818.zip
I did not open, extract or click on the zip file, except to scan it with my own NIS (which is up to date) by right clicking on it and choosing "Insight Network Scan" and that showed no threat (sadly) . However, as soon as I realized my stupidity, I looked up how to quarantine and submit the file to Norton; which I did.
My questions:
1 - Could any malware have gotten into my system by my actions ?
2 - By my submitting the file to Norton, will the new set of definitions be able to detect and deal with this malware ?
You still have to be careful and not rely too heavily on either the Safe Web or any other similar scan. Norton looks at executables, and a zip file is not executable, therefore "safe". Since the zip was not extracted, you are probably fine. Do a full system scan, and if you have Malwarebytes free version on board, it wouldn't hurt to do a check with that as well.
Thank you Delphinium, I much appreciate your reply. I will download Malwarebytes and also ComboFix and I will report back if any issue is found. Apparently this is a new malware (created 23rd December) according to the techhelplist.com website.
Just adding background to what Delphinium has said -- there is a setting in Norton to not check compressed files which is ON by default to speed up routine scanning; but you are protected since the moment the contents are accessed then they are scanned.
Have a look at Settings / Computer / Computer Scan and click on the [?] link to About these settings.
In your context note this:
<< Norton Internet Security scans all the files that you receive through email even if the Intelligent Skip Scanning option is turned on. >>
Looks like variations on this theme are going around. SANS reports that VirusTotal showed that Norton detected the .exe in this sample as Suspicious.Cloud.5, a non-signature based detection.
You should not fool with Combofix without expert supervision. It can do very bad things to your system. It is not a simple scan tool. It can, in the right circumstances, leave you with a machine that doesn't boot at all or just blue screens.
