Thursday 24 March 2016

Another gross

Another gross of malware-bearing (maliferous?) emails arrived today. I can't help feeling that the Bad People must believe that they'll harvest a fine crop of victims, otherwise why bother?

I picked one of the emails and ran it through VirusTotal. 8 products flagged it, 48 passed it as clean.

The products that flagged it are:

Avira (no cloud)

But if you're using one of those products, don't pat yourself on the back too hard. 

I tried another one, and 3 flagged it, 53 failed. The ones that flagged it are:      


I haven't tested the other 142 emails, but I would expect that I'd get similarly dismal results.       

What does this malware do? They download something from a remote server, and the thing they download is the payload. So I don't know, but if I had to guess, I'd guess that
a week or so after installation, a screen will pop up telling you that if you want to see
your data again, you'll have to send $1000 in bitcoin to the criminal.

Wow. This is *such* a big problem. But a big problem is just a big opportunity seen from the wrong end. Surely someone soon will make a product that strips out potentially malicious attachments, or the parts of attachments that are potentially malicious? Anyone who did that, could do very well out of it. I mean, it is *so* easy to see that your current AV solution isn't solving the problem that people are actually facing today. Just take a few of the malware-bearing emails that you get today, and see if your current AV flags them.

And do make sure that you have a backup.


  1. So, Britain’s most senior police officer has been accused of attempting to shift blame on to victims of online fraud after he suggested consumers should not be refunded by banks if they fail to protect themselves from cybercrime.

    Sir Bernard Hogan-Howe, the Metropolitan police commissioner, said customers who had fallen foul of online fraudsters were being “rewarded for bad behaviour” instead of incentivised to update anti-virus software and improve passwords.

    This was discussed last night on national Radio 5 Live. Some people voiced the view that if someone left the keys in an unlocked car, then the insurer would not pay out so why should banks be different?

    I sent them my view on the current uselessness of anti-virus software, as influenced by your blogs and it was read out on air (even if they did mispronounce my name).

    I would blame the banks for not implementing more robust systems. One online bank account I have does even have a method of password changing (other than phoning them up and requesting it).

  2. Well done you - I wish I could have heard that.

  3. Catch up is here:

    (It was Adrian Goldberg though (not Phil Williams))

  4. My modest contribution about 45 mins in.