I just receive a pretty "plausible looking" e-mail claiming to originate from Logmein.com. The e-mail passed the first "gut check".
Of course, the .zip attachment did set off some alarm bells, in particular as it unzipped to a .scr (Screen Saver). According to VirusTotal, AV detection is almost non-existant at this point: LogmeIn does publish a SPF record, and the e-mail did not originate from a valid LogmeIn mail sender, so it should be easy to descriminate against these emails using a standard spam filter. --- |
Johannes 4069 Posts ISC Handler Sep 22nd 2014 |
Thread locked Subscribe |
Sep 22nd 2014 6 years ago |
Could you provide a link to the Virus Total report on the file?
|
BigTotoro 4 Posts |
Quote |
Sep 22nd 2014 6 years ago |
Logmein ain't free anymore, I wonder how many people will actually fall for this. I switched to teamviewer the second logmein went non-free.
|
Anonymous |
Quote |
Sep 22nd 2014 6 years ago |
Even though it's a hard-fail, it's a mess. 474 characters all jammed into one TXT record and including all of salesforce.com's email servers.
v=spf1 mx:3amlabs.com ip4:82.150.61.82 ip4:63.251.133.64/27 ip4:77.242.192.1 ip4:69.25.20.1 ip4:74.201.74.1 ip4:173.48.77.106 ip4:195.56.119.18 ip4:67.20.183.208/28 ip4:216.52.233.0/24 ip4:64.94.18.0/24 ip4:64.94.46.1 ip4:74.112.65.204 ip4:74.112.65.210 ip4:72.22.169.96/27 ip4:207.106.191.64/26 ip4:67.208.179.240/28 ip4:63.251.46.1 ip4:195.70.42.217 ip4:91.82.95.146 ip4:162.211.109.78 ip4:111.221.57.0/24 ip4:117.20.45.0/24 ip4:63.254.155.0/24 include:salesforce.com -all |
Anonymous |
Quote |
Sep 22nd 2014 6 years ago |
These detected with:
Sanesecurity.Malware.24300.ZipHeur.UNOFFICIAL FOUND Sanesecurity.Rogue.0hr.20140922-1644.UNOFFICIAL FOUND ClamAV 3rd Party signatures: sanesecurity.com |
Sanesecurity 21 Posts |
Quote |
Sep 23rd 2014 6 years ago |
Was stopped @ the gate by my SW TZ105 with total secure package. There is not much data on it locally but shows globally a major spike. I will have to update my thread in regards to FW suggestions.
Let me know if I can supply any other data... |
ICI2Eye 52 Posts |
Quote |
Sep 23rd 2014 6 years ago |
Sign Up for Free or Log In to start participating in the conversation!