Email Security Alert – Corona Virus
I was wondering when I would receive my first malware/phishing email that links to the Corona Virus subject that the media is extensively covering. No doubt some attackers would take advantage, as people are desperate for any information around the subject.
The above email does have the telltale signs that something is amiss, but it can still fool people eager or desperately waiting for news. Let’s highlight some of the things to look out for and once again these are the simple rules you can apply to any email.
- I did not recognize the sender’s name.
- The sender’s name has no relation to the email address. “Dr. Ling” sending from “admin@”.
- I don’t get emails from Equatorial Guinea, which is the domain extension used in the email address (.gq).
- My spam filter did mark the email as SPAM.
- The subject line states that it is of some importance or urgency.
- The email is addressed to “Sir/Madam” so the sender does not know who I am.
- The supposed informative document attached to the email is an HTML document. You would rather expect a PDF document if it was important information.
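
The checks in the list above can be run mechanically over a raw message. The following is an added example, not code from the original post; the sample message, the `example.gq` domain, the subject line, the attachment name and the `EXPECTED_TLDS` allow-list are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample message (not the email from the post); example.gq is a placeholder.
SAMPLE = """\
From: "Dr. Ling" <admin@example.gq>
Subject: URGENT: Corona Virus safety information
X-Spam-Flag: YES
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Dear Sir/Madam, please read the attached document.

--b1
Content-Type: text/html; charset="utf-8"
Content-Disposition: attachment; filename="safety-measures.html"

<html><body>constructed placeholder</body></html>
--b1--
"""

EXPECTED_TLDS = {"com", "org", "net"}  # assumption: TLDs this mailbox normally hears from
URGENT = re.compile(r"\b(urgent|important|immediately|alert)\b", re.I)
GENERIC = re.compile(r"\bdear\s+(sir|madam|customer|user)\b", re.I)

def red_flags(raw):
    """Return the list of checklist items that a raw RFC 5322 message trips."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    local, _, domain = addr.rpartition("@")
    flags = []
    # Display name shares no word with the mailbox name ("Dr. Ling" vs "admin@").
    words = [w for w in re.findall(r"[a-z]+", name.lower()) if len(w) > 2]
    if words and not any(w in local.lower() for w in words):
        flags.append("name_address_mismatch")
    if domain.rsplit(".", 1)[-1].lower() not in EXPECTED_TLDS:
        flags.append("unexpected_tld")
    if str(msg.get("X-Spam-Flag", "")).strip().upper() == "YES":
        flags.append("marked_spam")
    if URGENT.search(str(msg["Subject"] or "")):
        flags.append("urgent_subject")
    body = msg.get_body(preferencelist=("plain",))
    if body and GENERIC.search(body.get_content()):
        flags.append("generic_greeting")
    if any(p.get_content_type() == "text/html" for p in msg.iter_attachments()):
        flags.append("html_attachment")
    return flags
```

No single flag is conclusive; the value is in how many of them stack up on one message.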
Let us look at the payload that the attachment delivers. Opening the attachment will not harm your computer, although I strongly advise that you do not open it. The HTML document contains some code that automatically downloads a compressed zip file, and your browser will prompt you to save the file. This is not the greatest method to deliver malicious software, as most users at this point will have already raised an eyebrow. The downloaded compressed folder contains an executable file named “Corona Prevention catalogue.exe”.
When I uploaded the file to an online virus scanner (I used https://www.virustotal.com/ in this case), 17 antivirus programs identified it as a Trojan that injects malicious code into your computer operating system. This could be anything from creating backdoors, gathering information and logging keys pressed to just showing unwanted adware. Interestingly enough, only 17 antivirus programs out of the 88 used in the online scan detected the Trojan.
I’m not endorsing virustotal.com and I don’t know how accurate they are but it once again goes to show that the best antivirus is the person sitting behind the computer.