Fake American Express Email

  • 24 April 2013
  • 9 replies
  • 37 views

Userlevel 7
Badge +56
I just received an email from a fake American Express with a Zip attachment, so I decided to save it and scan it with WSA, and it was detected:

Wed 24-04-2013 14:18:08.0916    Infection detected: c:\users\daniel\downloads\securemail.zip/securemail.exe [MD5: 6870FD8FD2B2BEDD83E218D9E7E4DE8B] [3/00080001] [W32.Rogue.Gen]

So I uploaded it to VirusTotal to see the results: 15/46 https://www.virustotal.com/en/file/550b36fc4079a353a3b7dbae9580cf8a7f3798db4d02801d3392e974378fd651/analysis/1366827581/ but a lot of the big hitters, so to say, still don't detect it. Great job Webroot, as I get so many of these fake emails and my ISP uses Norton AntiVirus and does not catch them 99% of the time. ;)  Note: Don't do this at home kids unless you know what you are doing.
 
TH
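The triage the post describes (save the attachment, hash it, look the hash up) can be done without ever extracting the executable to disk. The following is an added example, not code from the original post or from Webroot: it lists the members of a ZIP attachment, hashes each one in memory (MD5 for matching an AV log line like the one above, SHA-256 for a VirusTotal URL), and flags Windows executables by their `MZ` magic rather than trusting the extension, so a `.txt` that is really a PE is caught and a `statement.pdf.scr` double extension is called out. The archive it inspects is constructed inline from a stub that starts with an `MZ` header; it is not the sample from the post and is not a real program.

```python
"""Offline triage of an e-mail ZIP attachment (added example).

Nothing is written to disk: members are read into memory, hashed and
classified. Encrypted members (a common AV-evasion trick) and oversized
members (zip bombs) are reported as suspicious without being inflated.
"""
import hashlib
import io
import zipfile

# Extensions Windows runs directly on double-click.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".cpl",
                         ".bat", ".cmd", ".vbs", ".js", ".jse", ".wsf"}
MAX_MEMBER_BYTES = 50 * 1024 * 1024   # refuse to inflate anything larger

# Constructed stub: DOS header magic plus padding. Not a runnable binary.
FAKE_PE = b"MZ" + bytes(62) + b"PE\x00\x00"


def classify(name: str, blob: bytes) -> dict:
    """Describe one archive member; 'reasons' lists why it looks bad."""
    base = name.rsplit("/", 1)[-1].lower()
    parts = base.split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    reasons = []
    if blob[:2] == b"MZ":
        reasons.append("PE header (MZ)")          # magic beats extension
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable extension {ext}")
        if len(parts) > 2:
            reasons.append("double extension")    # e.g. statement.pdf.scr
    return {
        "name": name,
        "size": len(blob),
        "md5": hashlib.md5(blob).hexdigest().upper(),   # matches WSA log format
        "sha256": hashlib.sha256(blob).hexdigest(),     # what VirusTotal URLs use
        "reasons": reasons,
        "suspicious": bool(reasons),
    }


def triage_zip(data: bytes) -> list:
    """Return one finding per file member of the archive bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            encrypted = bool(info.flag_bits & 0x1)
            if encrypted or info.file_size > MAX_MEMBER_BYTES:
                findings.append({
                    "name": info.filename, "size": info.file_size,
                    "md5": None, "sha256": None,
                    "reasons": ["encrypted member" if encrypted else "oversized member"],
                    "suspicious": True,
                })
                continue
            findings.append(classify(info.filename, zf.read(info)))
    return findings


def build_sample_zip() -> bytes:
    """Constructed test archive mimicking a phishing attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("securemail.exe", FAKE_PE)        # obvious executable
        zf.writestr("statement.pdf.scr", FAKE_PE)     # double extension
        zf.writestr("invoice.txt", FAKE_PE)           # PE hiding behind .txt
        zf.writestr("readme.txt", b"Your statement is attached.\n")
    return buf.getvalue()


if __name__ == "__main__":
    for f in triage_zip(build_sample_zip()):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{flag:10} {f['name']:20} md5={f['md5']} {', '.join(f['reasons'])}")
```

To use it on a real attachment, pass `open("securemail.zip", "rb").read()` to `triage_zip()` and copy the SHA-256 into the VirusTotal search box; do this on a machine you do not care about, as the post's own warning says.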

9 replies

Userlevel 7
Seems quite a few big names missed it... tsk tsk.  
 
😉
Userlevel 7
Badge +56
@DavidP wrote:
Seems quite a few big names missed it... tsk tsk.  
 
;)
Yes I agree, and the thing is WSA does not waste time scanning email, but if the attachment is unzipped WSA jumps on it like a Pit Bull, or is that John Bull or Red Bull? 😉 Most people should just delete them, but if not, and they are using WSA, they are well protected in any event. Some people call me a fanboy on other forums, but the proof is in the pudding; they just have to understand how WSA really works. It's the future and it's here now!
 
Daniel
Userlevel 7
@ wrote:
Yes I agree, and the thing is WSA does not waste time scanning email, but if the attachment is unzipped WSA jumps on it like a Pit Bull, or is that John Bull or Red Bull? 😉 Most people should just delete them, but if not, and they are using WSA, they are well protected in any event.
 
Daniel
I admit, when I first heard about Webroot's approach, I was not sold on it nor convinced it would be effective.
 
I am sold on it now, it really does work without making your computer work overtime.  
Userlevel 7
Badge +56
@DavidP wrote:
@ wrote:
Yes I agree, and the thing is WSA does not waste time scanning email, but if the attachment is unzipped WSA jumps on it like a Pit Bull, or is that John Bull or Red Bull? 😉 Most people should just delete them, but if not, and they are using WSA, they are well protected in any event.
 
Daniel
I admit, when I first heard about Webroot's approach, I was not sold on it nor convinced it would be effective.
 
I am sold on it now, it really does work without making your computer work overtime.  
It's a 712 KB download for the PC version, installs in about a minute or two, auto-updates in the blink of an eye, and uses 2 to 5 MB of RAM. Like Joe said in one PC Mag article, most bitmap images are bigger than the install file. LOL
 
Daniel
 

Userlevel 7
I actually enjoy getting files like that so I can play with them a little bit. Sometimes I run them in a virtualized environment and see what changes they make and who can really catch them. So far, Webroot has been the best of the lot, catching some files that other "Big-Name" products do not.
Userlevel 7
Daniel, I am glad WSA stood up and secured your machine. Moreover, WSA was among the first to catch this malware! Great work Webroot folks.
Userlevel 7
We saw that on the 24th of April; we regularly see bad stuff before other AVs. That file itself has an Adobe icon and uses about 8 MB of RAM when initially run. It seems to drop a file in the user's AppData and create a shell entry for said file. I was hoping it was going to do something exciting and cool.
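The behaviour described in the last two posts (run the sample in a VM, see what it changes; it drops a file in the user's AppData and adds a shell entry for it) is what a before/after registry diff is for. The following is an added example, not code from the thread or from Webroot: it parses two `.reg` exports taken before and after detonation, looks only at the usual user and machine autostart locations, and flags new or changed values whose data points into AppData. The post does not say which "shell entry" the sample creates, so the script assumes the Winlogon `Shell`/`Userinit` values or a `Run`/`RunOnce` entry, which are the common cases. The two exports below are constructed inline, and the dropped path in them is invented for the demonstration; a real export from `reg export` is UTF-16 with a BOM, so open it with `encoding="utf-16"`.

```python
"""Diff two registry exports and flag new autostart entries pointing into
AppData (added example; the .reg text below is constructed, not captured).
"""
import re

# Lower-cased key paths worth diffing for user-level persistence.
WATCHED_KEYS = {
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
    r"hkey_current_user\software\microsoft\windows\currentversion\runonce",
    r"hkey_current_user\software\microsoft\windows nt\currentversion\winlogon",
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon",
}
APPDATA_RE = re.compile(r"(\\appdata\\|%appdata%|%localappdata%)", re.IGNORECASE)
# "Name"=data  or  @=data  (default value); data is kept as the raw remainder.
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def unescape(s: str) -> str:
    """Undo .reg escaping: \\\\ -> \\ and \\" -> "."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text: str) -> dict:
    """Parse a .reg export into {key_path_lower: {value_name: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line) if current else None
        if not m:
            continue                      # hex:/continuation lines are not paths
        name = "(Default)" if m.group(1) is None else unescape(m.group(1))
        data = m.group(2)
        if data.startswith('"') and data.endswith('"'):
            data = unescape(data[1:-1])   # REG_SZ; dword:/hex: left verbatim
        keys[current][name] = data
    return keys


def new_autostarts(before_text: str, after_text: str) -> list:
    """Values in watched keys that appeared or changed after detonation."""
    before, after = parse_reg(before_text), parse_reg(after_text)
    findings = []
    for key, values in after.items():
        if key not in WATCHED_KEYS:
            continue
        old = before.get(key, {})
        for name, data in values.items():
            if old.get(name) == data:
                continue
            findings.append({
                "key": key, "name": name, "data": data,
                "changed": name in old,                 # False = brand new value
                "appdata": bool(APPDATA_RE.search(data)),
            })
    return findings


# Constructed exports. OneDrive lives in AppData too, but it is present in
# both snapshots, so the diff (not the path alone) is what flags the sample.
BEFORE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\daniel\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"""

AFTER = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\daniel\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"SecureMail"="C:\\Users\\daniel\\AppData\\Roaming\\SecureMail\\securemail.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\Users\\daniel\\AppData\\Roaming\\SecureMail\\securemail.exe"
"""

if __name__ == "__main__":
    for f in new_autostarts(BEFORE, AFTER):
        tag = "APPDATA" if f["appdata"] else "       "
        state = "changed" if f["changed"] else "new"
        print(f"{tag} {state:7} {f['key']}\\{f['name']} = {f['data']}")
```

Exporting `HKCU` and `HKLM\Software\Microsoft\Windows` with `reg export` before and after running the sample, then feeding the two files to `new_autostarts()`, gives the "what changed" view from the earlier post; the Winlogon `Shell` line is the one to watch, since appending a path there starts the dropped file at every logon and survives a reboot.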
Userlevel 7
@ wrote:
we regularly see bad stuff before other AVs.
I ❤️ ❤️ WEBROOT. 😃
Userlevel 7
Badge +6
It's always a bummer when you run a malware sample and it's designed to be super-simple to evade AV heuristics. No fun in that.
 
I endorse the site malwr.com as a first-line sandbox to make sure the malware is juicy.
