My Personal Tale of Malware – Undetectable!

I received an email with the subject, “FedEx Shipment Notification.” The body of the email says that I have a package waiting for me and I should open the attached PDF for more details. The grammar and spelling are fine; errors in these are often telltale signs of a malicious email. I’m suspicious, so I check the email header, and it confirms the mail didn’t come from FedEx servers.

I’m curious about the attached PDF, so I test it with Microsoft Security Essentials, which I have running on this PC. MSE shows that it is virus-free. I’m still suspicious, so I test the attachment at virustotal.com, a fantastic tool that tests files against 40 or so anti-virus engines running the latest updates. BTW, the bad guys test their latest inventions using this website. Only three out of 41 AV engines show that this file contains malware. Only one of the three was from a major AV vendor. That’s scary.

So I wonder about the thousands, perhaps hundreds of thousands, of recipients of this mail. I wonder how AOL’s email system didn’t detect this mail as spam. More importantly, how would other recipients of this mail have handled it? My suspicion is that a large number thought the mail was legit and opened the attachment. Their PC is owned. Too late!

About infoguardianangel
The consumer and corporate information guardian angel. Cybersecurity and privacy advice for my clients (and anyone else who cares about protecting their data or their companies).
