RE: Recent spate of Malicious VB attachments II

Wed, 18 Feb 2015 05:19:41 -0800 

Thanks for your feedback, much appreciated

We do regularly review our AV solution and are generally happy with what we 
have in place. The issue was and continues to be that this is new variant 
Malware so by the time the AV's catch-up we already have a number of mails 
received in the Userbase.
Was kinda hoping for some clever spam rule trickery to combat this but maybe I 
should just reset my expectations :)
 
But in any case, any further suggestions/comments are gratefully received.
 
Cheers
Tony
 
Date: Wed, 18 Feb 2015 06:08:30 -0700
From: ml-node+s1065346n114622...@n5.nabble.com
To: tiar...@hotmail.com
Subject: Re: Recent spate of Malicious VB attachments II



        On 02/18/2015 01:09 PM, Tonyata wrote:

> Posting again as the original post didn't hit the mailing list -

>

> Hi Guys,

>

> Last week my company received a noticeable increase in emails containing MS

> office attachments with a Malicious VB script which downloaded something

> nasty.

>   For example Subj - Remittance  [Report ID:54400-2187772], attachments were

> "10 random chars".xls or Subj - PURCHASE ORDER (34663), attachments

> "2600_001".doc

>

> In all cases we receive a couple of thousand emails across the customer base

> over a couple of hours, sometimes originating from the same sender (in which

> case I blacklist) but more often differing senders/IP's. Historically I add

> a rule to pick up on the obvious characteristics - Subj, attachment name etc

> and because they are pretty short-lived campaigns it's generally sufficient.

>

> What I'd like to know is -

>

> a) Did any of you see similar?

yes!


> b) Do you have any suggestions in order to detect this kind of stuff more

> efficiently and on a more generic basis but without introducing FP risk?


Get a decent AV.


Test samples at https://virustotal.com

The results will probably help you make a decision as to which AV 

product meets your expectations.


If you don't want to spend on AV the you'll have to  look into free 

ClamAV signatures :


http://sanesecurity.com/ and others.





        
        
        
        

        

        
        
                If you reply to this email, your message will be added to the 
discussion below:
                
http://spamassassin.1065346.n5.nabble.com/Recent-spate-of-Malicious-VB-attachments-II-tp114621p114622.html
        
        
                
                To unsubscribe from Recent spate of Malicious VB attachments 
II, click here.

                NAML
                                                  



--
View this message in context: 
http://spamassassin.1065346.n5.nabble.com/Recent-spate-of-Malicious-VB-attachments-II-tp114621p114623.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Reply via email to