TeslaCrypt malware undetected by most major AV after 18 hours and counting.

TeslaCrypt malware infections have spiked today: a JavaScript loader is being circulated through various webmail providers and is being downloaded and run on Windows machines because MBAM, Windows Defender, ESET and Avast (that I know of) are not identifying it as a threat.
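Since the attachment is a script the mail gateway lets through, the check a mail admin wants is on the attachment itself rather than on the AV vendor. The following is an added example, not code from the original post: it parses an RFC 5322 message and flags attachments whose final extension is one Windows Script Host will execute on double-click, looking inside zip attachments as well. The post only says "JavaScript loader", so the assumption that it arrives as a `.js` file, and the extension list beyond `.js` (`.jse`, `.wsf`, `.wsh`, `.vbs`, `.vbe`), are mine; the sample message and its harmless attachments are constructed for the demonstration.

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions that Windows Script Host (wscript.exe / cscript.exe) runs when a
# user double-clicks the file. The post only mentions a JavaScript (.js) loader;
# the remaining entries are an assumption covering related WSH script types.
SCRIPT_EXTENSIONS = {".js", ".jse", ".wsf", ".wsh", ".vbs", ".vbe"}


def _suspicious_name(filename):
    """True if the filename's final extension is a WSH-executable script type.

    Only the final extension matters: 'invoice.pdf.js' runs as JavaScript."""
    if not filename:
        return False
    name = filename.lower().strip()
    dot = name.rfind(".")
    return dot != -1 and name[dot:] in SCRIPT_EXTENSIONS


def find_script_attachments(raw_message):
    """Return names of script attachments in a raw (bytes) e-mail message.

    Zip attachments are opened and their member names checked too; a hit
    inside a zip is reported as 'archive.zip!member'."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue  # container, not an attachment
        filename = part.get_filename()
        payload = part.get_payload(decode=True)
        if payload is None:
            continue
        if _suspicious_name(filename):
            hits.append(filename)
        # A script zipped up still arrives as a script once extracted.
        if zipfile.is_zipfile(io.BytesIO(payload)):
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for member in zf.namelist():
                    if _suspicious_name(member):
                        hits.append(f"{filename or '<unnamed>'}!{member}")
    return hits


def build_sample_message():
    """Constructed sample message (not a real capture) with a harmless .js
    attachment and a zip containing a harmless .wsf file."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    # Placeholder script body; this is not the loader from the post.
    js_body = b"// harmless placeholder\nWScript.Echo('hello');\n"
    msg.add_attachment(js_body, maintype="application", subtype="javascript",
                       filename="invoice_2841.js")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "nothing to see")
        zf.writestr("scan.wsf", "<job></job>")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="docs.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for hit in find_script_attachments(build_sample_message()):
        print("script attachment:", hit)
```

Run over a directory of `.eml` files (`open(path, "rb").read()` into `find_script_attachments`) it gives a quick inventory of who received a script attachment, independent of whether any AV engine has a signature yet.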

Here’s an actual Outlook inbox (on-premise Exchange; note that Office 365 mailboxes are silently discarding this attachment):


From the outset, Gmail and Office 365 were not spreading the malware forward: Office 365 silently drops the mail, and Gmail sends you a friendly heads-up…


Namecheap Private Email is blissfully unaware 20 hours after the first report of a suspicious attachment.


ESET has at last added signatures for this outbreak, many hours behind other antivirus vendors but still not as late as: ALYac, AVware, Agnitum, AhnLab-V3, Alibaba, Antiy-AVL, Baidu, Baidu-International, Bkav, ByteHero, CAT-QuickHeal, CMC, ClamAV, Comodo, DrWeb, F-Secure, Ikarus, Jiangmin, K7AntiVirus, K7GW, Malwarebytes, Microsoft, NANO-Antivirus, Panda, Qihoo-360, Rising, SUPERAntiSpyware, Symantec, TheHacker, TrendMicro, TrendMicro-HouseCall, VBA32, ViRobot, Zillya, Zoner, nProtect.

At the end of today (actually well into the following day now), none of the above vendors has added signatures for this seriously damaging ransomware infection.

Researchers and analysts: download payload

If you don’t know the password, email [email protected] and ask nicely.