For a few weeks now, I have been receiving a few "Delta Ticket" e-mails a day with zipped executables as attachments. The e-mails are done about as badly as it gets:
So they could do a lot better. The sad part is that they apparently have no need to do better. The "From" name, which is what most people look at, reads "Delta Air Lines". Some major/popular AV tools still don't detect it well at all, and, well, users like to click on stuff I guess. The initial piece of malware appears to be a generic downloader. On my system, it installed what looked like a fake Adobe update. I am still running it to see what exactly is going on, but I am not expecting too much.
[1] https://www.virustotal.com/en/file/4cf652e71bbbe37eecda58169471df27db15ca1e5a8f14006128a4883b095409/analysis/1410799974/
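One way to catch this pattern at a mail gateway, as an added example that is not part of the diary: parse the message, flag a brand display name that does not match the sending domain, and look inside any zip attachment for executables, judged by extension or by the PE "MZ" header so a renamed file is still caught. The sample message, the brand-to-domain table and the extension list are constructed assumptions for the demonstration.

```python
"""Flag e-mails matching the 'zipped executable + spoofed display name' pattern.
Added example; the test message built below is constructed and harmless."""
import email
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# File extensions Windows will execute directly from a temp directory (assumed list).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Brand display names and the domain they should come from (assumed table).
BRAND_DOMAINS = {"delta air lines": "delta.com"}


def display_name_mismatch(from_header):
    """True when the From display name claims a brand but the address
    is not in that brand's domain, e.g. 'Delta Air Lines <x@gmail.com>'."""
    name, addr = parseaddr(from_header or "")
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    expected = BRAND_DOMAINS.get(name.strip().lower())
    if expected is None:
        return False
    return not (domain == expected or domain.endswith("." + expected))


def executables_in_zip(data):
    """Return names of archive members that are executables, by extension
    or by the 'MZ' PE header; a non-zip blob yields an empty list."""
    found = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                ext = os.path.splitext(info.filename)[1].lower()
                with zf.open(info) as member:
                    head = member.read(2)
                if ext in EXECUTABLE_EXTENSIONS or head == b"MZ":
                    found.append(info.filename)
    except zipfile.BadZipFile:
        pass
    return found


def analyze_message(raw_bytes):
    """Parse a raw RFC 5322 message and return a dict of findings."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {
        "spoofed_display_name": display_name_mismatch(msg["From"]),
        "zipped_executables": [],
    }
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Check the zip magic rather than trusting the declared content type.
        if payload[:2] == b"PK":
            findings["zipped_executables"] += executables_in_zip(payload)
    findings["suspicious"] = (
        bool(findings["zipped_executables"]) or findings["spoofed_display_name"]
    )
    return findings


def build_sample_message():
    """Construct a test message shaped like the diary's e-mails: brand display
    name, unrelated sender domain, and a zip holding a fake .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # 'MZ' header plus padding: looks like a PE to the detector, does nothing.
        zf.writestr("Delta_Ticket.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.txt", b"not an executable")
    msg = EmailMessage()
    msg["From"] = "Delta Air Lines <tickets@example.net>"
    msg["To"] = "victim@example.org"
    msg["Subject"] = "Delta Ticket"
    msg.set_content("Your ticket is attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="ticket.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(analyze_message(build_sample_message()))
```

The display-name check only fires for brands listed in the table, so it is a low-noise rule to start with; the zip check is the more general one and also covers nested archives if you recurse into members whose first two bytes are `PK`.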
---
Johannes, ISC Handler, Sep 15th 2014
I got one from the Bank of Africa saying I was being awarded a 2.5 million check.
I was supposed to reply to a Gmail account? Bank of Africa uses Gmail?
Anonymous, Sep 15th 2014
I've seen a similar delivery method (.exe in a .zip file) as a vector for major breaches at allegedly secure institutions. If your systems allow an average user to run executable code from arbitrary locations (e.g. Outlook temp directory, zip file (or zip temp directory) in their documents directory, etc.), then you're not serious about security. Of course, our typical computer systems allow this by default, and in fact don't make it easy to disable.
Software restriction policies in Windows, however, have a lot of the qualities that are needed (e.g. free, built-in).
packetdude, Sep 16th 2014