Well, after hitting 25 gig of bandwidth again this month, it's time to force people to move over to the latest round-robin URLs. So, if you're using an old script then you will no longer be receiving the Sanesecurity signatures, as the phish and scam databases at the old download locations have now been blanked.
Use the updated scripts from the usage page;
round-robin URLs:
http://www.sanesecurity.com/clamav/phishsigs/phish.ndb.gz
http://www.sanesecurity.com/clamav/scamsigs/scam.ndb.gz
A hopefully interesting blog from the world of zero hour malware, phishing, scams and spams
Tuesday, 31 July 2007
stock spam evolve again... to zip... erm... rar
Well, spammers have again this morning changed tactics... we're now seeing a standard text stock spam... inside what looks like a zip file.
However, looking at the zip file.. it's actually a rar file... another confusing trick.
Detection added as: Email.Stk.Gen603.Sanesecurity.07073100.zip
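The zip-that-is-really-a-rar mismatch described above can be checked mechanically by comparing each attachment's extension with its leading magic bytes. This is an added example, not code from this blog or from ClamAV; the filenames and the sample message are constructed for illustration.

```python
import email
from email.message import EmailMessage

# Leading magic bytes for the container types mentioned in these posts.
MAGIC = {
    "zip": b"PK\x03\x04",
    "rar": b"Rar!\x1a\x07",                      # common prefix of RAR4 and RAR5
    "pdf": b"%PDF",
    "xls": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 compound file
}

def sniff(data):
    """Return the type whose magic bytes start the payload, or None."""
    for kind, magic in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None

def mismatched_attachments(raw_message):
    """List (filename, claimed, actual) for attachments whose extension lies.

    Content of an unrecognised type (actual is None) is reported too, which
    includes an empty zip archive, since that has no local file header.
    """
    findings = []
    for part in email.message_from_bytes(raw_message).walk():
        name = part.get_filename()
        if not name or "." not in name:
            continue  # multipart containers and inline text have no filename
        claimed = name.rsplit(".", 1)[1].lower()
        actual = sniff(part.get_payload(decode=True) or b"")
        if claimed in MAGIC and actual != claimed:
            findings.append((name, claimed, actual))
    return findings

def build_sample():
    """Constructed message: RAR header bytes in a file named .zip, plus a real zip header."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    for name, body in (("stock_info.zip", b"Rar!\x1a\x07\x00"),
                       ("genuine.zip", b"PK\x03\x04")):
        msg.add_attachment(body + b"\x00" * 16, maintype="application",
                           subtype="zip", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in mismatched_attachments(build_sample()):
        print(finding)
```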
Sunday, 22 July 2007
From PDF to XLS to Zipped XLS: Stock spam
Received another variant of the XLS stock spam... this time... the spammers are zipping the XLS stock spreadsheet.
Sample Received date: 22 Jul 2007 15:48:20 +0200
Signature Email.Stk.Gen598.Sanesecurity.07072000.xls from yesterday already detected it :)
Saturday, 21 July 2007
From PDF to XLS: Stock spam
Well well, the spammers change tactics yet again, from the image spam and the PDF spam... to the downright sneaky Excel spreadsheet spam.
As most companies use XLS (and PDF for that matter) the spammers know that companies won't block these extension types, as it'll stop genuine email too.
21st July 2007 timeline
At 16:11 UK time, I received an interesting stock spam sample and started to analyse;
At 17:00 UK time, I received five more samples.... all XLS spreadsheets.
At 18:05 UK time, the first signature was uploaded to the mirrors:
Email.Stk.Gen598.Sanesecurity.07072000.xls
Here's a screenshot:
Wonder what format is going to be next for the spammers?
Monday, 16 July 2007
Phishers go Green!
Thursday, 5 July 2007
PayPal phish using a word document