
Fake LogMeIn Certificate Update with Bad AV Detection Rate

Published: 2014-09-22
Last Updated: 2014-09-22 15:47:36 UTC
by Johannes Ullrich (Version: 1)

I just received a pretty "plausible looking" e-mail claiming to originate from The e-mail passed the first "gut check".

  • The "From" address is
  • It was sent to an address I have used for LogMeIn in the past
  • The only link inside the e-mail went to a legit LogMeIn URL.

Of course, the .zip attachment did set off some alarm bells, in particular as it unzipped to a .scr (Screen Saver).

According to VirusTotal, AV detection is almost non-existent at this point:

LogMeIn does publish an SPF record, and the e-mail did not originate from a valid LogMeIn mail sender, so it should be easy to discriminate against these emails using a standard spam filter.
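The two signals described above (an SPF result other than pass, and a .zip attachment that unpacks to a .scr) can be checked mechanically at the mail gateway. The following is an added example, not part of the original diary. It assumes the receiving MTA stamps an `Authentication-Results` header at the top of the message; the addresses, host names and file names are constructed placeholders.

```python
import io
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Extensions Windows executes on double-click; a .scr "screen saver" is a PE file.
RISKY_EXT = (".scr", ".exe", ".pif", ".com", ".cpl")

def triage(raw: bytes) -> list[str]:
    """Return the reasons to quarantine a message (empty list means none)."""
    msg = message_from_bytes(raw)
    reasons = []
    # Assumption: the topmost Authentication-Results header is the one added by
    # our own MTA; any further down arrived with the message and are untrusted.
    m = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    spf = m.group(1).lower() if m else "none"
    if spf != "pass":
        reasons.append(f"spf={spf}")
    # Open every .zip attachment and list members without extracting them.
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            reasons.append(f"unreadable zip: {name}")
            continue
        reasons += [f"executable in zip: {n}" for n in members
                    if n.lower().endswith(RISKY_EXT)]
    return reasons

def build_sample(spf: str, member: str) -> bytes:
    """Constructed test message; every name and address is a placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"not a real payload")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["Subject"] = "Certificate update"
    msg["Authentication-Results"] = f"mx.example.org; spf={spf} smtp.mailfrom=example.com"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="cert.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("fail", "cert_client.scr")))
```

Neither check depends on an antivirus signature, so both still fire when AV detection is low.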

Johannes B. Ullrich, Ph.D.

Keywords: logmein malware