
New smart Dynamically generated phishing spam

1 reply to this topic

#1 Xinet Solutions

Xinet Solutions
  • Members
  • 1 posts

Posted 11 June 2019 - 04:11 PM

Hello, we have detected several instances of spam looking exactly like legit email.

They don't contain a virus, and they seem to be generated by a script.

They look exactly like SAT emails (the Mexican IRS); the only giveaway is that they come from Brazil (but we can't just block a whole country, can we?)...

This is how it looks in the mail client:

https://imgur.com/686ihj3

This is the content:

 <http://unbouncepages.com/training-template-26471027869253355/> 
Descargar todo como.zip  archivos adjuntos (98kb) <http://unbouncepages.com/training-template-26471027869253355/> 
11/06/2019 17:02:19
se anexa el seguiente comprobante fiscal digital
Remitente: Servicio de Administración Tributaria N-66816155.
Hemos identificado que tienes pendiente de presentar, al 11 de junio de 2019, lo siguiente:
SERIE Y FOLIO: _BME_2019_66816155_6681.

We can't block words like

se anexa el seguiente comprobante fiscal digital

because they mean

"Here is attached the following invoice"

and that is used by ALL the electronic invoice systems in Mexico.

The only words we figured we could block are

Descargar todo como.zip

(means download everything as zip)

 

 

We added that to the content filter. We have already started to see blocked phishing, with no false positives so far.

But please notice how MOST of the words are randomly generated, like the invoice number and date, and how the linked content is just a landing page form, so there is no virus in the link or attachment. I know this is terribly difficult to block for Barracuda or any filtering system for that matter.

So, any advice about the content filtering?

Thanks in advance
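Added example, not part of the original post and not Barracuda's own filter logic: one way to avoid keyword-only blocking is to flag a body that claims the SAT identity while its links leave the sender's real domain, which leaves ordinary invoice wording untouched. The trusted suffix list, rule names and the two non-phishing samples are assumptions made for illustration.

```python
import re
import unicodedata
from urllib.parse import urlsplit

# Assumption: domain suffixes the real sender links to (SAT's site is sat.gob.mx).
TRUSTED_SUFFIXES = ("sat.gob.mx",)
# Identity claim taken from the sample; deliberately NOT the generic invoice wording.
BRAND_CLAIMS = ("servicio de administración tributaria",)
# Fixed lure phrase the poster already blocks.
LURE_PHRASES = ("descargar todo como.zip",)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def link_hosts(body):
    """Return the set of lower-cased hostnames linked from the body."""
    hosts = set()
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed URL, e.g. bad IPv6 literal
            continue
        if host:
            hosts.add(host.lower().rstrip("."))
    return hosts

def is_trusted(host):
    """Exact match or true subdomain; 'sat.gob.mx.example' does not pass."""
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def phishing_reasons(body):
    """List the rules a message body trips; empty list means nothing matched."""
    text = unicodedata.normalize("NFKC", body).casefold()
    offbrand = sorted(h for h in link_hosts(body) if not is_trusted(h))
    reasons = []
    if offbrand and any(p in text for p in BRAND_CLAIMS):
        reasons.append("brand-claim-with-offbrand-link:" + ",".join(offbrand))
    if any(p in text for p in LURE_PHRASES):
        reasons.append("zip-download-lure")
    return reasons

# Body text as quoted in the post above.
PHISH = """<http://unbouncepages.com/training-template-26471027869253355/>
Descargar todo como.zip  archivos adjuntos (98kb)
se anexa el seguiente comprobante fiscal digital
Remitente: Servicio de Administración Tributaria N-66816155."""
# Constructed samples: an ordinary e-invoice and a message linking to the real site.
INVOICE = "Se anexa el siguiente comprobante fiscal digital https://facturas.example/cfdi/123"
GENUINE = "Servicio de Administración Tributaria: consulta https://www.sat.gob.mx/"

if __name__ == "__main__":
    for name, body in (("phish", PHISH), ("invoice", INVOICE), ("genuine", GENUINE)):
        print(name, phishing_reasons(body))
```

The randomized invoice number and date never enter the decision, so regenerating them does not change the result.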

 



#2 avi liyo

avi liyo
  • Members
  • 1 posts

Posted 09 November 2019 - 04:15 AM

Kaspersky Login is best antivirus code that discover the virus and threat from your laptop and end them which focus solely your system speed up. This code is imagining to your system protection for a lot of data visit here kaspersky-login.com and gets the entire guide concerning kaspersky login.

 

http://garminlogin.com