Wednesday, 28 October 2015

Thank you for your order! IKEA receipt stats

The earlier report fake Ikea receipt containing word macro malware, was instantly blocked with Sanesecurity ClamAV signatures phish.ndb and badmacro.ndb.

What's interesting is the graph of the first wave of this... started at 9.20-ish am and finished at just after 9.45am-ish... but look at the numbers, peaking at 18.5k...

No doubt after a few hash changes to the document, it'll be back for another run shortly and you can see that traditional AV's don't have a lot of time between bot-runs to get detection updated.

 Updated graph:



No comments: