Wednesday 13 April 2016

Another invoice

Date: Wed, 13 Apr 2016 16:44:04
From: Sandra Hays <>
Subject: Prompt response required! Past due inv. #WHK630082
Parts/Attachments:   2            59 KB     Application


I am showing that invoice WHK630082 is past due.  Can you tell me when this invoice is scheduled
for payment?

Thank you,

Sandra Hays

Accounts Receivable Department


The file extension says it's an rtf file. Actually, it isn't. But because of the extension, it will be loaded into Word, and from there ...
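
A mail filter can catch this kind of mismatch by comparing what the extension claims with the file's leading bytes. The following is an added example, not code from this blog or its "demo product"; the signature list, function names and sample bytes are assumptions chosen for illustration.

```python
import os

# Leading signatures of containers Word will open regardless of extension.
MAGIC = [
    (b"{\\rtf", "rtf"),                             # genuine Rich Text Format
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy binary .doc
    (b"PK\x03\x04", "zip"),                         # OOXML (.docx/.docm)
    (b"<?xml", "xml"),                              # Word 2003 XML and similar
]

# Container each extension claims to be.
EXPECTED = {".rtf": "rtf", ".doc": "ole2", ".docx": "zip", ".docm": "zip"}


def sniff(data: bytes) -> str:
    """Classify a file by its first bytes, ignoring its name."""
    head = data[:1024]
    if head.startswith(b"\xef\xbb\xbf"):   # drop a UTF-8 byte order mark
        head = head[3:]
    head = head.lstrip()
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    if b"mime-version:" in head.lower():   # MHTML "single file web page"
        return "mhtml"
    return "unknown"


def check_attachment(filename: str, data: bytes) -> dict:
    """Compare what the extension claims with what the content is."""
    ext = os.path.splitext(filename)[1].lower()
    expected = EXPECTED.get(ext)
    actual = sniff(data)
    return {"extension": ext, "expected": expected, "actual": actual,
            "mismatch": expected is not None and actual != expected}


if __name__ == "__main__":
    # Constructed sample contents; none of these bytes come from the real attachment.
    samples = {
        "real.rtf": b"{\\rtf1\\ansi Constructed sample}",
        "binary_doc.rtf": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 504,
        "mhtml_doc.rtf": b"MIME-Version: 1.0\r\nContent-Type: multipart/related\r\n",
    }
    for name, blob in samples.items():
        print(name, check_attachment(name, blob))
```

A mismatch on an attachment named .rtf is a strong signal to quarantine it or strip it before it reaches Word.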

VirusTotal says that it first saw it 22 minutes ago. Seven out of 56 products flag it.

You have to feel sympathy for AV product vendors. How could they be expected to flag malware that only spread 22 minutes ago? It's not surprising that 90% of products don't spot the malware that arrives in my (and, I'd guess, your) inbox.

But at the same time, my sympathy is limited. Very limited. Because A) they're taking money for a product that isn't doing what buyers expect, and B) they could, actually, create a product that is actually useful (previous blog posts have explained how, and I even created a "demo product" that shows that it's possible to remove macros from emails with attached Word documents).
