
Snowy
reply to MGD

Re: [Spam] Western Union Transfer MTCN: 1848485571 [ZIP FILE VIR

There are a few items that might provide some forensic value, if you think the effort is warranted.
It is interesting that the actor(s) took the effort to change the icon on an exe that wasn't able to detect that it was being run in a sandbox.

MGD
I was surprised that it received such a low Bayes score on the filter, plus sailed through the mail server's AV. On the default file settings of most Windows machines the exe extension will be hidden. Only that icon and the file name will be seen. The curiosity of the recipient will need to exceed the only warning about running an exe when clicked to open, for the ruse to work. It is possible that AVs may catch it, as sometimes VirusTotal's results are on the low side, though the catch rate on the original was 16 versus 18 on my submit a day later.

Let me know if you want a copy of the zip

MGD
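The ruse MGD describes depends on the recipient seeing only a document-style icon and a name with the ".exe" hidden. A mail filter can sidestep that by looking at what is inside the zip rather than at the names: any entry whose bytes begin with a DOS "MZ" stub pointing at a "PE\0\0" header is a Windows executable regardless of what it is called. The following is an added example, not code from this thread or from dslreports; the zip it scans is constructed in memory, and the "PE" entries are hand-built header stubs, not real programs. The extension lists are assumptions chosen for illustration and are not exhaustive.

```python
import io
import struct
import zipfile

# Extensions Windows runs directly on double-click (assumed list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Extensions a victim is likely to expect from a "transfer receipt" or e-card.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".jpg", ".png", ".txt", ".htm", ".html"}


def looks_like_pe(head: bytes) -> bool:
    """True if the bytes start with a DOS 'MZ' stub whose e_lfanew field
    (offset 0x3C) points at a 'PE\\0\\0' signature inside the bytes we read."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", head, 0x3C)[0]
    return head[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def classify_name(name: str):
    """Return (ext, decoy_ext) for an archive path.
    'receipt.pdf.exe' -> ('.exe', '.pdf'); 'readme.txt' -> ('.txt', None)."""
    base = name.rsplit("/", 1)[-1].lower()
    parts = base.split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    decoy = None
    if len(parts) > 2 and "." + parts[-2] in DECOY_EXTS:
        decoy = "." + parts[-2]
    return ext, decoy


def scan_zip(data: bytes) -> list:
    """Flag archive entries by content (PE header) and by deceptive naming."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(4096)  # enough to cover e_lfanew for normal binaries
            ext, decoy = classify_name(info.filename)
            reasons = []
            is_pe = looks_like_pe(head)
            if is_pe:
                reasons.append("PE header present")
            if ext in EXECUTABLE_EXTS:
                reasons.append("executable extension " + ext)
            if decoy:
                reasons.append("decoy double extension " + decoy + ext)
            if is_pe and ext not in EXECUTABLE_EXTS:
                reasons.append("PE content with non-executable name")
            if reasons:
                findings.append({"name": info.filename, "reasons": reasons})
    return findings


def fake_pe(size: int = 1024) -> bytes:
    """Constructed MZ/PE header stub for the demo; it is not a runnable program."""
    e_lfanew = 0x80
    buf = bytearray(size)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\x00\x00"
    return bytes(buf)


def build_sample_zip() -> bytes:
    """Constructed sample attachment resembling the one discussed in the thread."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Western Union Transfer.pdf.exe", fake_pe())
        zf.writestr("receipt.pdf", fake_pe())  # PE bytes behind a document name
        zf.writestr("readme.txt", b"Thank you for using Western Union.\n")
    return out.getvalue()


if __name__ == "__main__":
    for f in scan_zip(build_sample_zip()):
        print(f["name"], "->", "; ".join(f["reasons"]))
```

The content check is the one that matters for the icon-swap trick: changing the icon resource and hiding the extension alters nothing about the first bytes of the file, so an entry named like a PDF that carries a PE header is flagged even when the name check alone would pass it.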



madylarian
I, too, got that one today, though it was blocked and dumped by BitDefender. It was quite a shock to see anything get that far since I have my spam tolerance set very low (2.5 out of 10 on a proprietary version of SpamAssassin).

mady
--
Honi soit qui mal y pense



amysheehan
reply to MGD

said by MGD:

I was surprised that it received such a low Bayes score on the filter, plus sailed through the mail server's AV. On the default file settings of most Windows machines the exe extension will be hidden. Only that icon and the file name will be seen. The curiosity of the recipient will need to exceed the only warning about running an exe when clicked to open, for the ruse to work. It is possible that AVs may catch it, as sometimes VirusTotal's results are on the low side, though the catch rate on the original was 16 versus 18 on my submit a day later.

Let me know if you want a copy of the zip

MGD
I had some of those Hallmark e-cards start getting through different filters on different accounts last week, and contacted the AV companies [all] as well as the folks at dslr, where it got through their filters as well.

Not too many reports of that email getting to the masses after the time I spent alerting multiple contacts about it being 'allowed' with hallmark.com as the sender, even with headers and a sender from Romanian IPs.

REPORT, REPORT, REPORT.
--
Proud Member of ASAP
DSLR Phishtracker

Friday, 01-Jun 00:14:23
© 1999-2012 dslreports.com.