Poisoned Emails
-
I and family members have seen a nasty increase in malware emails that most likely will plant a Ransom Virus if the attachment is acted upon. We now get several every week and sometimes several in one day. One of the most insidious is an email where the sender is spoofed to be Amazon. The "Amazon" message will seem to announce a shipment having been sent. However, there are two tell tale warning signs: 1) It is sent to an email address that only my friends and family know. I use a different email address for Amazon. 2) The message is empty, except for an attached Word document. Amazon never attaches Word documents to their emails. Like I'm going to open such a Word document and run the risk of a malicious macro getting run on my machine. :| The other type will be an empty email from myself to myself. It has an attached zip file that contains a Javascript file. If you look into the message header it is full of Arabic characters and is sent from a domain in Iran. Of course I am in the habit of running Javascripts from unknown sources on my machine. :| Now here's the bummer: If I scan these obviously malicious messages with Defender and Malwarebytes, they come up clean! I was wondering if anyone else has had similar experiences?
Get me coffee and no one gets hurt!
I kinda want a copy of the JS file to dissect.
i cri evry tiem
-
I kinda want a copy of the JS file to dissect.
i cri evry tiem
-
I and family members have seen a nasty increase in malware emails that most likely will plant a Ransom Virus if the attachment is acted upon. We now get several every week and sometimes several in one day. One of the most insidious is an email where the sender is spoofed to be Amazon. The "Amazon" message will seem to announce a shipment having been sent. However, there are two tell tale warning signs: 1) It is sent to an email address that only my friends and family know. I use a different email address for Amazon. 2) The message is empty, except for an attached Word document. Amazon never attaches Word documents to their emails. Like I'm going to open such a Word document and run the risk of a malicious macro getting run on my machine. :| The other type will be an empty email from myself to myself. It has an attached zip file that contains a Javascript file. If you look into the message header it is full of Arabic characters and is sent from a domain in Iran. Of course I am in the habit of running Javascripts from unknown sources on my machine. :| Now here's the bummer: If I scan these obviously malicious messages with Defender and Malwarebytes, they come up clean! I was wondering if anyone else has had similar experiences?
Get me coffee and no one gets hurt!
For the last month I've also seen a massive increase in these emails and I now also get several a day. Most are easily seen as fakes but some are actually scarily good. Not good enough to convince me to open the attachment, but I'm sure many will be. Some emails appear to be copies of actual invoice emails sent from the alleged source company so everything checks out, the contact numbers, the "from address" and it looks legit. I also feel sorry for the companies that are being spoofed as I saw the rise of these emails on the BBC and they say that the companies being spoofed are being inundated with calls from angry people asking why they are chasing invoices for things they didn't order.
-
For the last month I've also seen a massive increase in these emails and I now also get several a day. Most are easily seen as fakes but some are actually scarily good. Not good enough to convince me to open the attachment, but I'm sure many will be. Some emails appear to be copies of actual invoice emails sent from the alleged source company so everything checks out, the contact numbers, the "from address" and it looks legit. I also feel sorry for the companies that are being spoofed as I saw the rise of these emails on the BBC and they say that the companies being spoofed are being inundated with calls from angry people asking why they are chasing invoices for things they didn't order.
-
I and family members have seen a nasty increase in malware emails that most likely will plant a Ransom Virus if the attachment is acted upon. We now get several every week and sometimes several in one day. One of the most insidious is an email where the sender is spoofed to be Amazon. The "Amazon" message will seem to announce a shipment having been sent. However, there are two tell tale warning signs: 1) It is sent to an email address that only my friends and family know. I use a different email address for Amazon. 2) The message is empty, except for an attached Word document. Amazon never attaches Word documents to their emails. Like I'm going to open such a Word document and run the risk of a malicious macro getting run on my machine. :| The other type will be an empty email from myself to myself. It has an attached zip file that contains a Javascript file. If you look into the message header it is full of Arabic characters and is sent from a domain in Iran. Of course I am in the habit of running Javascripts from unknown sources on my machine. :| Now here's the bummer: If I scan these obviously malicious messages with Defender and Malwarebytes, they come up clean! I was wondering if anyone else has had similar experiences?
Get me coffee and no one gets hurt!
Usually I don't - I mean, U receive a lot of those e-mail but they are egregiusly filtered by Big G spam filter and end up in the Spam folder. I rarely receive spam or phishing between the good e-mails.
GCS d--- s-/++ a- C++++ U+++ P- L- E-- W++ N++ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t++ 5? X R++ tv-- b+ DI+++ D++ G e++>+++ h--- ++>+++ y+++* Weapons extension: ma- k++ F+2 X If you think 'goto' is evil, try writing an Assembly program without JMP. -- TNCaver
-
I and family members have seen a nasty increase in malware emails that most likely will plant a Ransom Virus if the attachment is acted upon. We now get several every week and sometimes several in one day. One of the most insidious is an email where the sender is spoofed to be Amazon. The "Amazon" message will seem to announce a shipment having been sent. However, there are two tell tale warning signs: 1) It is sent to an email address that only my friends and family know. I use a different email address for Amazon. 2) The message is empty, except for an attached Word document. Amazon never attaches Word documents to their emails. Like I'm going to open such a Word document and run the risk of a malicious macro getting run on my machine. :| The other type will be an empty email from myself to myself. It has an attached zip file that contains a Javascript file. If you look into the message header it is full of Arabic characters and is sent from a domain in Iran. Of course I am in the habit of running Javascripts from unknown sources on my machine. :| Now here's the bummer: If I scan these obviously malicious messages with Defender and Malwarebytes, they come up clean! I was wondering if anyone else has had similar experiences?
Get me coffee and no one gets hurt!
Just under 5% of the emails I get are junk: adverts, spam, phishing, and such like - nearly all of which I never see because it goes straight to my "junk mail" folder via the Live Mail rules I have set up. Every now and then I go through and forward phishing mails to the supposed originator. But so far I've not seen anything like you describe. I still do regular-and-often backups though! :laugh:
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
-
Just under 5% of the emails I get are junk: adverts, spam, phishing, and such like - nearly all of which I never see because it goes straight to my "junk mail" folder via the Live Mail rules I have set up. Every now and then I go through and forward phishing mails to the supposed originator. But so far I've not seen anything like you describe. I still do regular-and-often backups though! :laugh:
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
-
Quote:
I still do regular-and-often backups though!
That's the secret to survive Ransomware, isn't it? :-D
Get me coffee and no one gets hurt!
Probably! I find that if you have a backup, you probably won't need it. If you don't... :laugh:
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
-
Probably! I find that if you have a backup, you probably won't need it. If you don't... :laugh:
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
Quote:
if you have a backup, you probably won't need it
Yup! And having full backups takes fear out of the equation, doesn't it? Knowing you can recover from an attack gives you peace of mind, even if it never happens. ;)
Get me coffee and no one gets hurt!
-
Oh yes, I forgot about the fake invoices. I get those too.
Get me coffee and no one gets hurt!
-
I and family members have seen a nasty increase in malware emails that most likely will plant a Ransom Virus if the attachment is acted upon. We now get several every week and sometimes several in one day. One of the most insidious is an email where the sender is spoofed to be Amazon. The "Amazon" message will seem to announce a shipment having been sent. However, there are two tell tale warning signs: 1) It is sent to an email address that only my friends and family know. I use a different email address for Amazon. 2) The message is empty, except for an attached Word document. Amazon never attaches Word documents to their emails. Like I'm going to open such a Word document and run the risk of a malicious macro getting run on my machine. :| The other type will be an empty email from myself to myself. It has an attached zip file that contains a Javascript file. If you look into the message header it is full of Arabic characters and is sent from a domain in Iran. Of course I am in the habit of running Javascripts from unknown sources on my machine. :| Now here's the bummer: If I scan these obviously malicious messages with Defender and Malwarebytes, they come up clean! I was wondering if anyone else has had similar experiences?
Get me coffee and no one gets hurt!
I get a few dozen of these every day. "Past due bill" "Invoice Payment" "Fax sent" etc, etc...
".45 ACP - because shooting twice is just silly" - JSOP, 2010
-----
You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010
-----
When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013 -
I and family members have seen a nasty increase in malware emails that most likely will plant a Ransom Virus if the attachment is acted upon. We now get several every week and sometimes several in one day. One of the most insidious is an email where the sender is spoofed to be Amazon. The "Amazon" message will seem to announce a shipment having been sent. However, there are two tell tale warning signs: 1) It is sent to an email address that only my friends and family know. I use a different email address for Amazon. 2) The message is empty, except for an attached Word document. Amazon never attaches Word documents to their emails. Like I'm going to open such a Word document and run the risk of a malicious macro getting run on my machine. :| The other type will be an empty email from myself to myself. It has an attached zip file that contains a Javascript file. If you look into the message header it is full of Arabic characters and is sent from a domain in Iran. Of course I am in the habit of running Javascripts from unknown sources on my machine. :| Now here's the bummer: If I scan these obviously malicious messages with Defender and Malwarebytes, they come up clean! I was wondering if anyone else has had similar experiences?
Get me coffee and no one gets hurt!
Don't worry. Letting windows update own your computer and rule your life will solve all your problems. Oh, wait... No it won't. It'll just "fix" things that work. The best process security and peace of mind is, and has always been, "don't do anything stupid". If you use Outlook (the MS Office version), one trick is to drop suspect files into the "Junk E-mail" folder before opening them. That disables anything that could do a nasty. But I prefer the "If in doubt, delete" method. Failing to open a genuine e-mail will not add or remove a second to or from your lifespan.
I wanna be a eunuchs developer! Pass me a bread knife!
-
I and family members have seen a nasty increase in malware emails that most likely will plant a Ransom Virus if the attachment is acted upon. We now get several every week and sometimes several in one day. One of the most insidious is an email where the sender is spoofed to be Amazon. The "Amazon" message will seem to announce a shipment having been sent. However, there are two tell tale warning signs: 1) It is sent to an email address that only my friends and family know. I use a different email address for Amazon. 2) The message is empty, except for an attached Word document. Amazon never attaches Word documents to their emails. Like I'm going to open such a Word document and run the risk of a malicious macro getting run on my machine. :| The other type will be an empty email from myself to myself. It has an attached zip file that contains a Javascript file. If you look into the message header it is full of Arabic characters and is sent from a domain in Iran. Of course I am in the habit of running Javascripts from unknown sources on my machine. :| Now here's the bummer: If I scan these obviously malicious messages with Defender and Malwarebytes, they come up clean! I was wondering if anyone else has had similar experiences?
Get me coffee and no one gets hurt!
Well, gosh, don't you have a filter in your e-mail whatever that is at least flagging these toxic billet-doux, routing them into a special folder (as in Chrome's 'Spam folder) ? If I were ever crazy enough to open one of those '.doc files, or run some kind-a strange JavaScript, I suspect my Emsisoft software would catch them and warn me.
«There is a spectrum, from "clearly desirable behaviour," to "possibly dodgy behavior that still makes some sense," to "clearly undesirable behavior." We try to make the latter into warnings or, better, errors. But stuff that is in the middle category you don’t want to restrict unless there is a clear way to work around it.» Eric Lippert, May 14, 2008
-
Don't worry. Letting windows update own your computer and rule your life will solve all your problems. Oh, wait... No it won't. It'll just "fix" things that work. The best process security and peace of mind is, and has always been, "don't do anything stupid". If you use Outlook (the MS Office version), one trick is to drop suspect files into the "Junk E-mail" folder before opening them. That disables anything that could do a nasty. But I prefer the "If in doubt, delete" method. Failing to open a genuine e-mail will not add or remove a second to or from your lifespan.
I wanna be a eunuchs developer! Pass me a bread knife!
Quote:
But I prefer the "If in doubt, delete" method.
Precisely! Same here. But maintaining good backups does not hurt. Ransom viruses are also spread by hacked "good" websites. There is always the risk of visiting a supposedly safe website that has been hacked.
Get me coffee and no one gets hurt!
-
Well, gosh, don't you have a filter in your e-mail whatever that is at least flagging these toxic billet-doux, routing them into a special folder (as in Chrome's 'Spam folder) ? If I were ever crazy enough to open one of those '.doc files, or run some kind-a strange JavaScript, I suspect my Emsisoft software would catch them and warn me.
«There is a spectrum, from "clearly desirable behaviour," to "possibly dodgy behavior that still makes some sense," to "clearly undesirable behavior." We try to make the latter into warnings or, better, errors. But stuff that is in the middle category you don’t want to restrict unless there is a clear way to work around it.» Eric Lippert, May 14, 2008
-
I and family members have seen a nasty increase in malware emails that most likely will plant a Ransom Virus if the attachment is acted upon. We now get several every week and sometimes several in one day. One of the most insidious is an email where the sender is spoofed to be Amazon. The "Amazon" message will seem to announce a shipment having been sent. However, there are two tell tale warning signs: 1) It is sent to an email address that only my friends and family know. I use a different email address for Amazon. 2) The message is empty, except for an attached Word document. Amazon never attaches Word documents to their emails. Like I'm going to open such a Word document and run the risk of a malicious macro getting run on my machine. :| The other type will be an empty email from myself to myself. It has an attached zip file that contains a Javascript file. If you look into the message header it is full of Arabic characters and is sent from a domain in Iran. Of course I am in the habit of running Javascripts from unknown sources on my machine. :| Now here's the bummer: If I scan these obviously malicious messages with Defender and Malwarebytes, they come up clean! I was wondering if anyone else has had similar experiences?
Get me coffee and no one gets hurt!
Had the exact e-mail before. A good metric to see what scanners are good is to upload the attachment to http://www.virustotal.com and see which scanners detect it. Neither MalwareBytes nor Symantec picked it up when I checked awhile ago.
-
Had the exact e-mail before. A good metric to see what scanners are good is to upload the attachment to http://www.virustotal.com and see which scanners detect it. Neither MalwareBytes nor Symantec picked it up when I checked awhile ago.
-
Never posted a link here before. It did something like codeproject.com/virustotal.com :laugh: I changed the link to just be the full address that you can copy and paste.
-
Never posted a link here before. It did something like codeproject.com/virustotal.com :laugh: I changed the link to just be the full address that you can copy and paste.
OK, I reached the page by typing virustotal.com in the URL bar. Thanks for the reference! Your post deserves an upvote. :)
Get me coffee and no one gets hurt!
-
Quote:
But I prefer the "If in doubt, delete" method.
Precisely! Same here. But maintaining good backups does not hurt. Ransom viruses are also spread by hacked "good" websites. There is always the risk of visiting a supposedly safe website that has been hacked.
Get me coffee and no one gets hurt!
Cornelius Henning wrote:
Ransom viruses are also spread by hacked "good" websites.
This is the exact reason why I typically use Firefox with NoScript and AdBlockPlus (extended with my own personal filters). It has made the internet a pretty spartan place and there are some websites that don't even load anymore but I consider any website that will not fulfill its basic purpose without scripts or linking to 12 other sites as poor web design and not worth my time (and by basic purpose, I mean displaying information). If I need the full capabilities of a website, I turn on what is needed or switch over to Chrome. The end result is that I have ultimate control of what web content is allowed to run on my PC.
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
