plat1098

Level 6
Verified
I've used this tool b/c your stolen passwords, published email address, and liberal clicks of the "subscribe" button will open the floodgates for malicious spam. Probably more sophisticated people around here have much better tools and tactics like using junk email addresses and password generators in social contexts. I get maybe just 10 spam emails per week and I know the origin of all of them. This article reinforced the need to take a closer look before mindlessly clicking. Keep your best self private.

Sadly, would you say people who are lonely and socially isolated are more vulnerable to opening these attachments? The bad guys know the weaknesses of people and exploit them, often without conscience. One of the most fascinating threads I followed was the mindset of a cyber criminal, the rationalizing and utter contempt for those he (she) strives to victimize, as well as rogue nations who profit mightily from the proceeds of crimes like this.
 

Der.Reisende

Level 38
Content Creator
Trusted
Malware Hunter
Verified
Ok, I'm missing multi-extension ones to trick users (like jpg.exe; known file extensions are off by default on Windows), .exe and all highly suspicious .js / .jse / .vbe (all most likely in an archive (.zip / .7z, ...) to evade AV detection) and now maybe .jpg with the steganography attack technique.
No idea if .jar (like #Adwind RAT) is also spread by malspam? Most likely yes and targeted.

These are just guesses, based on uploads to HybridAnalysis; most of them have the subject "invoice" or the equivalent in the local language. I don't receive big amounts of spam, thank God, and next to never with suspicious attachments.

Anyway, thanks for the nice share @JM Security!
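Added example (not code from the thread or from any poster): a small Python triage routine for the attachment types listed above, which flags executable/script extensions, double extensions like invoice.jpg.exe that look harmless when Windows hides known extensions, and zip wrappers whose members carry such names. The extension sets, the reason strings and the constructed sample zip are my own assumptions, not a standard list.

```python
import io
import zipfile

# Extensions the thread calls out as dangerous in malspam (.exe, .js/.jse/.vbe, .jar) plus
# a few close relatives; assumption, not an exhaustive list
EXECUTABLE_EXTS = {"exe", "scr", "js", "jse", "vbs", "vbe", "jar", "bat", "cmd"}
# Archive wrappers used to keep the payload away from AV/mail filters (.zip/.7z in the thread)
ARCHIVE_EXTS = {"zip", "7z", "rar"}
# Extensions users expect to be harmless; used to spot "photo.jpg.exe" style decoys
DECOY_EXTS = {"jpg", "jpeg", "png", "pdf", "doc", "docx", "txt"}

def classify_name(filename):
    """Return the reasons a bare attachment name looks suspicious ([] if none)."""
    parts = filename.lower().split(".")
    reasons = []
    if len(parts) < 2:
        return reasons            # no extension at all
    real_ext = parts[-1]
    if real_ext in EXECUTABLE_EXTS:
        reasons.append(f"executable/script extension .{real_ext}")
        # "invoice.jpg.exe" is displayed as "invoice.jpg" when known extensions are hidden
        if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
            reasons.append(f"double extension hides .{real_ext} behind .{parts[-2]}")
    return reasons

def triage_attachment(filename, data=b""):
    """Map each name (attachment, and zip members) to its list of reasons."""
    findings = {filename: classify_name(filename)}
    ext = filename.lower().rsplit(".", 1)[-1]
    if ext in ARCHIVE_EXTS:
        if ext == "zip" and zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    inner = classify_name(member.rsplit("/", 1)[-1])
                    if inner:
                        findings[member] = ["inside archive"] + inner
        else:
            # .7z/.rar need third-party modules; an archive we cannot look into stays suspicious
            findings[filename].append(f".{ext} archive could not be inspected")
    return findings

def is_suspicious(findings):
    return any(reasons for reasons in findings.values())

def build_sample_zip():
    """Constructed sample: a zip wrapping a double-extension script, as malspam often does."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_2024.pdf.js", "// constructed placeholder, not a real payload\n")
    return buf.getvalue()
```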
 

JM Safe

From Zemana
Developer
Verified
Thanks for your reply friend :)
 

BryanB

Level 17
Verified
You only open email in a VM or Shadow Defender? If yes, do you recommend this for others? I ask with no agenda.
 

notabot

Level 8
That is done already, but I prefer to prevent before this point.
You don't need to block if it is not on the real system.
I think the risk for both setups is roughly the same: in both cases the OS kernel is the security bottleneck (+ potential flaws in each sandbox).
 

Andy Ful

Level 40
Content Creator
Trusted
Verified
Sandboxing can probably be the safest, but if you make it the safest then it will also be the least usable for most users. Kernel exploits are less dangerous if you use a restricted setup (SRP, Anti-Exe, etc.), because less stuff (and fewer exploits) will be executed in the system.
So, usually people use sandboxing only for the most vulnerable applications like browsers, document viewers/editors, etc. For the rest of the stuff the other solutions are more comfortable.
For example ReHIPS (liked by @Umbra) can be used as a hybrid of Sandboxing + Programs Hardening + Anti-Exe.
If you like default-deny SRP, then you must be cautious with the vulnerable software (if whitelisted). That is why such software usually has got some in-built security (sandbox/AppContainer).