Subject: Data request
From: "Billy Roark"
Please find the document attached to this message. The report was issued today.
Requested account details have been altered successfully.
Thank you for contacting us.
Respectfully,
Billy

The attachment in this case is called Statement_January-October.zip and contains an executable named Statement_January-October.doc[44 spaces].exe. The blank spaces are designed to push the .exe part of the filename down so that it is invisible.
It is a different binary from yesterday's, with better detection rates. But the best cure for this is avoidance: block EXEs-in-ZIPs.
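
One way to check for this at a filter, as an added example that is not part of the original post: the Python sketch below lists a ZIP's member names and flags executables, runs of padding spaces, and decoy double extensions. The extension sets, the `PAD_RUN` threshold and the function names are assumptions chosen for illustration, and the sample archive is constructed with placeholder bytes.

```python
import io
import zipfile

# Illustrative, non-exhaustive sets (assumptions, not taken from the post).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document-style extensions commonly placed before the real one as a decoy.
DECOY_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".jpg", ".txt"}
PAD_RUN = 5  # assumed threshold: this many consecutive spaces counts as padding


def inspect_name(name):
    """Return the reasons a ZIP member name looks deceptive (empty if none)."""
    reasons = []
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    stem, dot, ext = base.rpartition(".")
    ext = (dot + ext).lower().rstrip()
    if not dot or ext not in EXECUTABLE_EXTS:
        return reasons
    reasons.append("executable:" + ext)
    if " " * PAD_RUN in stem:
        reasons.append("whitespace-padding")
    inner = stem.rstrip()  # strip the padding to expose the decoy extension
    if "." in inner and "." + inner.rsplit(".", 1)[1].lower() in DECOY_EXTS:
        reasons.append("double-extension")
    return reasons


def scan_zip(data):
    """Map each suspicious member name in a ZIP (given as bytes) to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            reasons = inspect_name(info.filename)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample():
    """Constructed sample: placeholder bytes under the name the post describes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Statement_January-October.doc" + " " * 44 + ".exe", b"placeholder")
        zf.writestr("readme.txt", b"benign")
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_zip(build_sample()))
```

The check reads only the archive's member names, so it never extracts or executes the contents.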