
Where do I get details about detected malware in a file?

Where do I get details about Troj~DocDl-AEV? Submitted a Word document that was examined and said to contain this piece of malware. When I looked at the encyclopedia, it said that it was a downloader macro and was first found on some date.

That is all there was.

Nothing about if you have macros turned off in Outlook (which we do by default) if you were still at risk.
Nothing about if you had to edit the document to trigger the macro.
Nothing about what it tried to download.
Nothing.

Really hoped that Sophos would do a better job of writing up the nature of a piece of malware than Microsoft; however, it appears that you provide the barest minimum in a similar vein to them. Do not have the poor user worry their pretty little head about where they should look to see if the macro has downloaded some (hundred) piece(s) of malware.



This thread was automatically locked due to age.
  • Hello JosephKahle,

    One thing you need to note is that this is a Trojan. This means that if the file downloads another file, it may not be the same downloaded file each time, even for the same file. More importantly, this Trojan could download anything, and is just a tool to begin the next step of infection. Since someone can use this to download other malicious files, we cannot know what it will download for sure.

    The only way to get this analysed is to submit it to our sample submissions.
    secure2.sophos.com/.../sample-submission.aspx

    Please note that running detailed analysis is not always possible due to the manual work that is required for every request.

    Sean