This fake email contains an EXE in a ZIP designed to look like a Word document (complete with authentic looking icon), in this case "Statement1-10.doc .exe" (there are 75 spaces in the filename that blogger strips out)
Subject: [name] Report Jan-Oct.The attached ZIP file is called Statement1-10.zip. VirusTotal shows detection is poor with what look like generic detections only.
From: "Clara Slaughter"
Dear Customer,
As you requested, we are sending you this report with details on your account
transactions made between 1/1/2008 and 10/1/2008.
At your service,
Clara
If you mail filter allows it, you should block EXEs in ZIP files. Postini allows this, I guess other filtering services do too.
No comments:
Post a Comment