martyyn

1389 posts

Uber Geek

Subscriber

  #2566646 17-Sep-2020 09:51

This is starting to get a little interesting. One of my clients has started to see the same emails and I have an email address with them which only two other people know about.

I've received email this morning from them both with .doc attachments asking me to complete the forms to open my account.

I've run both attachments through virustotal.com as @1101 suggested to find one is all clear but the other lights up like a Christmas tree with all sorts of trojans.


1101
2276 posts

Uber Geek


  #2566664 17-Sep-2020 10:03

martyyn:

I've run both attachments through virustotal.com as @1101 suggested to find one is all clear but the other lights up like a Christmas tree with all sorts of trojans.

I get a bit p8ssed when Endpoint AV payware does a worse job than some freeware AV. So, thousands of $ spent on AV licences across many clients, I really expect a bit better.
I uploaded my infected doc to ESET for them to have a look at. Never heard back, no acknowledgement, no confirmation email, nothing.


BlakJak
787 posts

Ultimate Geek

Trusted

  #2566739 17-Sep-2020 11:15

1101:

martyyn:

I've run both attachments through virustotal.com as @1101 suggested to find one is all clear but the other lights up like a Christmas tree with all sorts of trojans.

I get a bit p8ssed when Endpoint AV payware does a worse job than some freeware AV. So, thousands of $ spent on AV licences across many clients, I really expect a bit better.
I uploaded my infected doc to ESET for them to have a look at. Never heard back, no acknowledgement, no confirmation email, nothing.

Antivirus is largely reactive. Whack-a-mole. No solution is going to be perfect, it is only part of a layered approach.

No signature to see here, move along...

BlakJak
787 posts

Ultimate Geek

Trusted

  #2566757 17-Sep-2020 11:34

1101:

martyyn:

The attachment appears to be an empty .docx file. It's only 172KB, so I put it on an old laptop and it scanned ok with ESET and malwarebytes and opens a blank Word doc.

Upload it to Virustotal.com for scanning
https://www.virustotal.com/gui/

A doc attachment I was given, thought to have caused a ransomware attack, scanned clean with NOD, Bitdefender & Mbytes, but showed as infected in Virustotal.

"Somewhere out there is a massive database of ancient emails from many many hacked accounts."
Actually, what's been happening is recent (Dec 2019) emails are on hackers' databases. They use these emails to make the spammed email look like a legit reply; this is becoming more common.

The other thing that should be done is have companies remove email addresses from their websites. No matter how many times you advise them to do this, nothing happens.
Some company websites have staffers' full name, position & email address, making it all too easy to spoof emails to look like invoices or payment requests from the company accountant or managers.

Removing email addresses won't help much. It reduces the number of targets, but a lot of successful phishing emails are actually obviously emails from completely random domains, and the recipient simply doesn't notice or pay attention to the fact that the source email address is completely random and irrelevant.

Public knowledge of email addresses doesn't make spammed emails look like a legit reply per se; what the public breach databases do is provide a target-rich environment. Fake From headers and clever use of Reply-To are intended to catch the unprepared out. So education remains key.

No signature to see here, move along...
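An added example, not code from the thread or from any of the posters, of the header checks BlakJak describes: given a constructed sample message (the addresses, domains and attachment are invented), it flags a Reply-To domain that differs from the From domain, a "Re:" subject with no threading headers, and a macro-capable Office attachment, and hashes each attachment so it can be looked up on VirusTotal as 1101 suggested without first opening it.

```python
import base64
import email
import hashlib
from email import policy
from email.utils import parseaddr

# Magic bytes of an OLE compound file, the container behind legacy .doc/.xls.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
MACRO_EXT = (".doc", ".docm", ".xls", ".xlsm")

# Constructed sample, not a real message from the thread: a fake "Re:" with a
# familiar-looking From, a Reply-To on another domain, and a .doc attachment.
SAMPLE_RAW = b"\n".join([
    b'From: "Accounts Team" <accounts@example.com>',
    b"Reply-To: accounts-team@example-mail.xyz",
    b"Subject: Re: account opening forms",
    b'Content-Type: multipart/mixed; boundary="b1"',
    b"",
    b"--b1",
    b'Content-Type: application/msword; name="forms.doc"',
    b'Content-Disposition: attachment; filename="forms.doc"',
    b"Content-Transfer-Encoding: base64",
    b"",
    base64.b64encode(OLE_MAGIC + b"\x00" * 24),  # stub OLE header, not a real document
    b"--b1--",
])


def domain_of(header_value):
    # Lower-cased domain of an address header ('' if the header is absent).
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()


def triage(raw_bytes):
    """Return (findings, sha256 per attachment) for a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings, hashes = [], {}
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # A real reply carries In-Reply-To/References; a faked "Re:" usually does not.
    if str(msg["Subject"] or "").lower().startswith("re:") and not (msg["In-Reply-To"] or msg["References"]):
        findings.append("Subject claims a reply but there is no In-Reply-To/References header")
    for part in msg.iter_attachments():
        name, data = part.get_filename() or "unnamed", part.get_payload(decode=True) or b""
        hashes[name] = hashlib.sha256(data).hexdigest()  # hash to look up on VirusTotal
        if name.lower().endswith(MACRO_EXT) or data.startswith(OLE_MAGIC):
            findings.append(f"attachment {name}: macro-capable Office format, treat as hostile")
    return findings, hashes
```

Searching VirusTotal by the SHA-256 tells you whether the file is already known without uploading a possibly confidential document.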

1101
2276 posts

Uber Geek


  #2566792 17-Sep-2020 12:38

BlakJak:

. So education remains key.

That doesn't work in real life, unfortunately.
The week after a bad ransomware infection (that everyone was aware of), and after all staff were warned NOT to open suspicious email attachments, one of the staff asks IT how to get an email attachment to open. Could have easily been a 2nd ransomware issue just after cleaning up the first.

Even those who know better can & do open attachments they shouldn't.


BlakJak
787 posts

Ultimate Geek

Trusted

  #2567203 17-Sep-2020 21:55

1101:

BlakJak:

. So education remains key.

That doesn't work in real life, unfortunately.
The week after a bad ransomware infection (that everyone was aware of), and after all staff were warned NOT to open suspicious email attachments, one of the staff asks IT how to get an email attachment to open. Could have easily been a 2nd ransomware issue just after cleaning up the first.

Even those who know better can & do open attachments they shouldn't.

Trust - but verify. Loads of other technical measures you should also use as a baseline, including MFA (which will save you from a large proportion of the risk associated with phished creds, if done properly); AV on your email system and separate AV on the desktop should be a given for business and corporate. Also a web security service like ZScaler has its place.

No signature to see here, move along...
