On Wed, 3 Sep 2014, Amir Caspi wrote:

> On Sep 3, 2014, at 2:01 PM, John Hardin <jhar...@impsec.org> wrote:
>
>> Did that hit any of the existing phish rules? They may need some attention...
>
> Similar phishing just received, spample here:
>
> http://pastebin.com/UEmb035j
>
> It did not hit any phishing rules.

The existing phishing rules are more focused on email or bank account phishing similar to what David posted.

Your example isn't really phishing as (according to the original report) the only thing the victim enters is a CAPTCHA response. They aren't trying to fool you into giving up information; they are trying to fool you into running a program.

> I may need to deploy your sandbox rules locally until they migrate to the main ruleset...

Bear in mind they are only unscored subrules, added to the sandbox for corpora evaluation. If they do well against the masscheck corpora I'll add a scored meta for them.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  You are in a maze of twisty little protocols,
  all written by Microsoft.
----------------------------------------------------------------------
 14 days until the 227th anniversary of the signing of the U.S. Constitution
