Blocking EXE attachments is working great!
Frank Paolino    

We have advised customers of SpamSentinel for the last month to block EXE attachments, even (especially!) inside zip files.

I have been monitoring the results on one of our servers, and they are spectacular in catching new virus outbreaks before their "signatures" are recorded. These are "zero hour" viruses, fresh off the computers of the virus makers.

Here is a screenshot showing the recent patterns, piggybacking on popular email types, like airline ticket confirmations, order confirmations, purchase orders and private photos.

All of these zip files contain EXE files inside that want to infect your machine in your haste to open them.
Subject | Dangerous Attachment
Re: Interested to purchase | order details.zip
Re: Interested to purchase | order details.zip
Private photo | IMG6299082757-JPG.zip
Your order is ready | US_Airways_E-Ticket_NO36049.zip
Fedex Team Track code 4734-02741-6535 | Track_1764-78103-4529.zip
Ticket #7727 is ready | AA_Airlines_E-Ticket_ID08655.zip
Your ticket | AA_Airlines_E-Ticket_ID58270.zip
Ticket #8469 is ready | AA_Airlines_E-Ticket_ID07194.zip
Order #3198 is processed | AA_Airlines_E-Ticket_ID26928.zip
Your ticket | AA_Airlines_E-Ticket_ID07268.zip
Your order #NR0106 is processed | AA_Airlines_E-Ticket_ID81660.zip
Fedex Team Track code 3001-14706-5033 | Track_1764-78103-4529.zip
Your order #3170 is processed | AA_Airlines_E-Ticket_ID79506.zip
Thank you for your order | AA_Airlines_E-Ticket_ID81254.zip
The order is ready | AA_Airlines_E-Ticket_ID36241.zip
Your order # NR15-2662 has been completed | US_Airways_E-Ticket_NO37925.zip
Seen this picture? | IMG5810314307-JPG.zip
Kindly send us the Proforma Invoice Asap. | Food items.pdf.zip
Order #NR7704 | US_Airways_E-Ticket_NO26131.zip
Your order # NR15-5845 has been completed | US_Airways_E-Ticket_NO08933.zip
Payment advice | Payslip.zip
Our PO attached | PO.zip
Enquiry | REW233.zip
Fedex Team Track code 4740-07014-6833 | Track_1764-78103-4529.zip
FedEx Shipment Department Track code 4436-58788-5840 | Track_1764-78103-4529.zip
Thank you for your order | US_Airways_E-Ticket_NO78203.zip
FedEx Shipment Department Track code 3107-43181-8785 | Track_1764-78103-4529.zip
FedEx Express Track code 5624-34586-7353 | Track_1764-78103-4529.zip
Download your ticket #1797 | US_Airways_E-Ticket_NO36208.zip
FEDEX EXPRESS SHIPMENTS Track code 1238-50488-7111 | Track_1764-78103-4529.zip
Order #NR4312 is processed | Ticket_Delta_AirLines_Print_doc_1657.zip
Download your ticket #NR9798 | Ticket_Delta_AirLines_Print_doc_4026.zip
P.O. 634563 Order | Order Sample 1-.zip
FedEx Shipment Department Track code 5041-68031-6666 | Track_1764-78103-4529.zip

 

I have a view of all of these in my Quarantine.nsf. Many show "undisclosed-recipients", which means this was a BCC attack, as below:


[Screenshot M2]

This one contained more than 9 recipients from different organizations:

[Screenshot M3]

I opened a few of the messages (not the attachments!) and found typical patterns.

This one is "not personalized" which is often a clue.

[Screenshot M4]

This one is allegedly a FedEx track code; they even made up a fake number, but it was sent to 20 people. Did we all receive that same package?


[Screenshot M5]

This one breaks all the rules:
1. No SendTo
2. Contains a Zip with an EXE inside
3. Not personalized
4. Signature incomplete.

[Screenshot M6]
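As an added illustration (not from the original post and not SpamSentinel's code), here is a small Python checker that applies the rules above to a raw message: it flags a missing or "undisclosed-recipients" To header, and it opens zip attachments to look for EXE content by extension or by the "MZ" PE header, recursing into nested zips. The sample message, its header values and the filenames are constructed for the demo.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXEC_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")  # the post's EXE plus common aliases

def zip_has_executable(data, depth=0):
    """First executable member in zip bytes (by extension or 'MZ' PE header), else None."""
    if depth > 3: return "<zip nested too deep>"  # campaigns nest zips; never recurse forever
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return None
    for info in zf.infolist():
        name = info.filename.lower()
        with zf.open(info) as m: magic = m.read(2)  # two bytes are enough to spot a renamed PE
        if name.endswith(EXEC_EXTENSIONS) or magic == b"MZ":
            return info.filename
        if name.endswith(".zip"):
            inner = zip_has_executable(zf.read(info), depth + 1)
            if inner:
                return f"{info.filename}/{inner}"
    return None

def inspect_message(raw):
    """Reasons a raw RFC 822 message would be quarantined under the post's rules."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    to = str(msg["To"] or "").lower()
    if not to or "undisclosed-recipients" in to:  # the BCC blast seen in Quarantine.nsf
        reasons.append("no visible recipient (BCC-style blast)")
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if fname.lower().endswith(EXEC_EXTENSIONS) or payload[:2] == b"MZ":
            reasons.append(f"executable attachment {fname}")
        elif fname.lower().endswith(".zip") and (hit := zip_has_executable(payload)):
            reasons.append(f"zip {fname} contains executable {hit}")
    return reasons

def build_sample():  # constructed sample only: fake e-ticket mail carrying a zip with a 64-byte PE stub
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AA_Airlines_E-Ticket_ID00000.exe", b"MZ" + b"\0" * 62)
    msg = EmailMessage()
    msg["To"] = "undisclosed-recipients:;"
    msg.set_content("Your e-ticket is attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="AA_Airlines_E-Ticket_ID00000.zip")
    return msg.as_bytes()
```

Running `inspect_message(build_sample())` returns two reasons, one for the hidden recipient list and one naming the EXE inside the zip; a zip whose members are ordinary documents returns none.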


Take a look at this one. Can you now identify why this is a very suspicious email?

[Screenshot M7]




---------------------
http://blog.maysoft.org/blog.nsf/d6plinks/FPAO-9ECK8E
Dec 13, 2013