Posting again as the original post didn't hit the mailing list - Hi Guys,
Last week my company received a noticeable increase in emails containing MS office attachments with a Malicious VB script which downloaded something nasty. For example Subj - Remittance [Report ID:54400-2187772], attachments were "10 random chars".xls or Subj - PURCHASE ORDER (34663), attachments "2600_001".doc In all cases we receive a couple of thousand emails across the customer base over a couple of hours, sometimes originating from the same sender (in which case I blacklist) but more often differing senders/IP's. Historically I add a rule to pick up on the obvious characteristics - Subj, attachment name etc and because they are pretty short-lived campaigns it's generally sufficient. What I'd like to know is - a) Did any of you see similar? b) Do you have any suggestions in order to detect this kind of stuff more efficiently and on a more generic basis but without introducing FP risk? Thanks in advance ata -- View this message in context: http://spamassassin.1065346.n5.nabble.com/Recent-spate-of-Malicious-VB-attachments-II-tp114621.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
