TeslaCrypt malware undetected by most major AV after 18 hours and counting.

TeslaCrypt malware infection has spiked today: a JavaScript loader is being circulated by various webmail providers, and is being downloaded and run on Windows machines thanks to MBAM, Windows Defender, ESET and Avast (that I know of) … not identifying it as a threat.
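The loader described above arrives as a script attachment (on its own or inside a zip), and the mail gateways that did stop it did so without needing an AV signature. The following is an added example, not code from this post or from any of the vendors named here: a small mail-gateway style check that parses an RFC 5322 message, looks inside zip attachments, and flags any file Windows would hand to the Windows Script Host. The extension list, the loader marker strings and the sample message are assumptions constructed for the example; the embedded script body is an inert stub.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions that Windows hands to the Windows Script Host (or mshta) when
# double-clicked. .js is the case from the post; the rest are an assumed
# list of what a gateway should treat the same way.
SCRIPT_EXTENSIONS = {".js", ".jse", ".wsf", ".wsh", ".vbs", ".vbe", ".hta"}

# Objects a JScript/VBScript loader almost always needs to fetch and run a
# second stage. Assumed indicators for this example, not signatures from the post.
LOADER_MARKERS = (b"ActiveXObject", b"WScript.Shell", b"MSXML2.XMLHTTP", b"ADODB.Stream")


def _suspicious_name(name):
    lower = name.lower()
    return any(lower.endswith(ext) for ext in SCRIPT_EXTENSIONS)


def inspect_attachment(name, data):
    """Return findings for one attachment, recursing into zip archives."""
    findings = []
    if _suspicious_name(name):
        findings.append(f"script attachment: {name}")
        if any(marker in data for marker in LOADER_MARKERS):
            findings.append(f"loader markers in {name}")
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                inner = zf.read(info)
                findings.extend(f"in {name}: {f}" for f in inspect_attachment(info.filename, inner))
    return findings


def scan_message(raw):
    """Parse a raw RFC 5322 message and return findings for every attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        findings.extend(inspect_attachment(name, data))
    return findings


def build_sample():
    """Constructed sample message (not a real capture): a zip holding a tiny
    JScript stub that only references the objects a loader would use."""
    js = b"var s = new ActiveXObject('WScript.Shell'); // inert stub, does nothing\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_3281.js", js)
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "victim@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="invoice_3281.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

The extension check is the part that matters: a gateway that quarantines script attachments by name (including inside archives) stops this class of loader on day zero, whereas the marker check is only a hint and will be defeated by trivial obfuscation.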

Here’s an actual Outlook inbox (on-premise Exchange; note that Office 365 mailboxes are silently discarding this attachment):

[Screenshot: real inbox]

From the outset Gmail and Office 365 were not spreading the malware forward. 365 silently drops the mail, Gmail sends you a friendly heads-up…

[Screenshot: Gmail warning]

Namecheap Private Email is blissfully unaware 20 hours after the first report of a suspicious attachment.

[Screenshot: OX groupware inbox]

ESET has added signatures for this outbreak at last, many hours behind other antivirus vendors but still not as late as: ALYac, AVware, Agnitum, AhnLab-V3, Alibaba, Antiy-AVL, Baidu, Baidu-International, Bkav, ByteHero, CAT-QuickHeal, CMC, ClamAV, Comodo, DrWeb, F-Secure, Ikarus, Jiangmin, K7AntiVirus, K7GW, Malwarebytes, Microsoft, NANO-Antivirus, Panda, Qihoo-360, Rising, SUPERAntiSpyware, Symantec, TheHacker, TrendMicro, TrendMicro-HouseCall, VBA32, ViRobot, Zillya, Zoner, nProtect.

At the end of today (actually well into the following day now) all the above vendors still haven’t added signatures for this seriously damaging ransomware infection.

Researchers and analysts: download payload

If you don’t know the password, email me@leefuller.io and ask nicely.