Another gross of malware-bearing (maliferous?) emails arrived today. I can't help feeling that the Bad People must believe that they'll harvest a fine crop of victims, otherwise why bother?
I picked one of the emails and ran it through VirusTotal. 8 products flagged it, 48 passed it as clean.
The products that flagged it are:
Avira (no cloud)
But if you're using one of those products, don't pat yourself on the back too hard.
I tried another one, and 3 flagged it, 53 failed. The ones that flagged it are:
I haven't tested the other 142 emails, but I would expect that I'd get similarly dismal results.
What does this malware do? It downloads something from a remote server, and the thing it downloads is the payload. So I don't know, but if I had to guess, I'd guess that a week or so after installation, a screen will pop up telling you that if you want to see your data again, you'll have to send $1000 in bitcoin to the criminal.
Wow. This is *such* a big problem. But a big problem is just a big opportunity seen from the wrong end. Surely someone soon will make a product that strips out potentially malicious attachments, or the parts of attachments that are potentially malicious? Anyone who did that could do very well out of it. I mean, it is *so* easy to see that your current AV solution isn't solving the problem that people are actually facing today. Just take a few of the malware-bearing emails that you get today, and see if your current AV flags them.
And do make sure that you have a backup.
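The attachment-stripping filter wished for above, sketched as an added example (not code from the original post): it replaces any attachment whose final extension is on a blocklist with a plain-text notice and leaves the rest of the message intact. The blocklist, the function names and the sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist: script, executable and macro-enabled types often used
# to carry downloaders. A real deployment would tune this list.
RISKY_EXT = {".js", ".jse", ".vbs", ".wsf", ".hta", ".exe", ".scr", ".lnk",
             ".docm", ".xlsm", ".pptm", ".jar", ".iso"}

def strip_risky_attachments(raw: bytes):
    """Return (cleaned message bytes, list of removed attachment names)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        # Only the last extension counts, so "invoice.pdf.js" is a .js file.
        if os.path.splitext(name)[1].lower() in RISKY_EXT:
            removed.append(name)
            # set_content() clears the old payload and Content-* headers
            # before writing the replacement text.
            part.set_content(f"Attachment {name!r} removed by mail filter.\n")
    return msg.as_bytes(), removed

def build_sample() -> bytes:
    """Constructed sample: one PDF and one script with a double extension."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Invoice"
    m.set_content("Please see attached.")
    m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                     subtype="pdf", filename="invoice.pdf")
    m.add_attachment(b"// constructed placeholder", maintype="application",
                     subtype="octet-stream", filename="invoice.pdf.js")
    return m.as_bytes()

if __name__ == "__main__":
    cleaned, removed = strip_risky_attachments(build_sample())
    print("removed:", removed)
```

Filtering on file name alone is only a first pass: a filter of this kind would also need to look inside archives and at file content, since the name is chosen by the sender.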