
Wednesday, 22 October 2014

Fake iTunes phishing blocked again...

Oh dear... iTunes email just coming in...


... but it's blocked by: Sanesecurity.Phishing.Fake.24204 which was added a day ago...

Here's one site's view of the situation... and its history over time...


Malware via Word documents

We seem to be receiving a few variants of Word documents at the moment, containing macros to download externally hosted malware.

3 variants of these documents so far...

VirusTotal 1
VirusTotal 2
VirusTotal 3

I've added detection for all these types, in phish.ndb as:

Malware Detected as: Sanesecurity.Malware.24509.DocHeur

ClamAV 3rd Party signatures: http://sanesecurity.com
#clamav #sanesecurity #malware

Sample Subjects:

Commercial Debt Recovery, Ref No:
Industrial Invoices
Employee Documents - Internal Use
Reference:

Thursday, 7 November 2013

Zemana AntiLogger helps protect against keyloggers and malware



Seeing as I'm an affiliate for Zemana AntiLogger and also use the program on my Windows laptop as an extra layer of protection, I thought I'd at least put a blog entry about it ;)

Zemana AntiLogger is a powerful, efficient, and lightweight app that blocks hackers. It detects any attempts to modify your computer’s settings, record your activities, hook to your PC’s sensitive processes, or inject malicious code in your system.

 
The AntiLogger is designed to work with your anti-virus. While an anti-virus application will protect you against a wide range of known forms of malware, the AntiLogger is able to stop advanced, new, and niche threats developed with a specific objective: to steal your private information or access your secure internet connections.
 

Here's an example popup window, where you can Allow or Block an application easily:

 



Incoming malware example

An incoming bit of malware:

"Please see attached copy (Invoice_9918492) of the original invoice." with an attached zip file.

Let's have a look at the *current* 0 minute results...

MD5: 90d968aab763ea0e91c357e47f10372d
File name: Invoice_9918492.zip

Detected already by ClamAV 3rd Party signatures:  

phish.ndb: Sanesecurity.Malware.22634.ZipHeur.Dte.UNOFFICIAL  
foxhole_all.cdb: Sanesecurity.Foxhole.Zip_exe.UNOFFICIAL

Detected already by ClamAV 3rd Party signatures hashes:  

rogue.hdb: Sanesecurity.Rogue.0hr.1107v29162.UNOFFICIAL
bofhland_malware_attach.hdb: BofhlandMWFile498.UNOFFICIAL

Example snapshot of the number blocked per hour: mean 114, max 4831

VirusTotal:

Detection ratio: 2 / 47
Analysis date: 2013-11-07 09:13:28 UTC ( 2 minutes ago )
AntiVir: TR/Crypt.XPACK.Gen3
Sophos: Troj/Invo-Zip

ThreatTrack PDF Analysis:

https://drive.google.com/file/d/0B1SVySdiVS8BY25DSmdaOXZzbU0
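
The two detection layers listed in this post, an exact-hash entry (the .hdb files) and a zip-content heuristic, sketched here as an added example that is not Sanesecurity's or ClamAV's own code. It assumes the standard ClamAV .hdb line format (MD5:size:name) and that "Zip_exe" means a zip containing an executable; the extension list, sample zips and signature name are constructed.

```python
import hashlib
import io
import zipfile

# Constructed extension list; the real Foxhole rules are not shown on the page.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


def load_hdb(lines):
    """Parse ClamAV .hdb lines (MD5:size:name) into {(md5, size): name}."""
    sigs = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        md5, size, name = line.split(":", 2)
        sigs[(md5.lower(), int(size))] = name
    return sigs


def hash_match(data, sigs):
    """Hash layer: exact MD5 + size lookup, returns the name or None."""
    return sigs.get((hashlib.md5(data).hexdigest(), len(data)))


def zip_executables(data):
    """Heuristic layer: zip members whose names end in an executable extension."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_EXTS)]
    except zipfile.BadZipFile:
        return []  # not a zip at all, nothing to flag


def make_zip(members):
    """Build a constructed, harmless sample zip in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    first = make_zip({"Invoice_0000000.exe": b"MZ constructed bytes"})
    sigs = load_hdb(["%s:%d:Example.Constructed.Hash"
                     % (hashlib.md5(first).hexdigest(), len(first))])
    repacked = make_zip({"Invoice_0000001.exe": b"MZ constructed bytes, changed"})
    for label, blob in (("first", first), ("repacked", repacked)):
        print(label, hash_match(blob, sigs), zip_executables(blob))
```

The repacked sample no longer matches the hash entry but is still caught by the member-name check, which is why a 0-minute sample can be blocked before any hash for it exists.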

Saturday, 30 March 2013

New website

Well, it's been a while since I've updated the blog, so I thought I'd better do so. To start with, the new website is live, on the sanesecurity.com domain at the moment. More new stuff coming shortly....