The Anatomy of a Phishing/Virus Attack

Although it is our desire to always be immediately available when you need us, we also know that a little education can go a long way toward preventing a virus outbreak.  Today, the difference between an obvious fake e-mail and a legitimate one can be very subtle.  We get many calls asking whether this or that e-mail is legitimate.  How do we know?  We look at the message source code to see what is actually constructing the message in question.  Although that process is somewhat complicated, there is something you can do too… here’s how!

Sample Message: Is this legit?

Same Message with Highlighted Points and HTML Link Mouseover

Items to Note:

  1. The e-mail address listed as ‘From’ doesn’t exist in our company.
  2. Our spam filter ranked this message as something that looks like spam.
  3. When you mouse over the HTML link (not clicking, just letting the cursor rest on top of it), a window pops up showing you the ACTUAL link.  As you can see, the ACTUAL link points to the domain oikkkuy.eu.  That isn’t us, even though our domain name appears in front of the real domain.  We could register something like ‘www.google.com.benjaminhill.com’ if we wanted, and redirect visitors wherever we pleased.  The only part of a web address that matters is the domain at the end of the host name, immediately before the first ‘/’.

Although concerns 1 and 2 are valuable, only issue 3 stands alone as definitive proof that this message is bogus.  The people who created it went to great lengths to make the page that loads next look very legitimate (especially to users of Microsoft Exchange’s webmail).
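One way to apply the rule from item 3 mechanically, as an added example that is not part of the original article: a small Python script that pulls the real host out of a link and compares its registrable domain with the company’s own (assumed here to be benjaminhill.com; the sample links are constructed, and the user-name trick is an extra case the script handles).

```python
from typing import Dict, Iterable, Optional
from urllib.parse import urlsplit

# Assumed company domain (the article uses benjaminhill.com in its own example).
OUR_DOMAIN = "benjaminhill.com"

# Constructed sample links, not taken from a real message.  The first two are the
# lookalike patterns the article warns about, the third hides the real host behind
# a fake user name, and the last two are what a genuine link would look like.
SAMPLE_LINKS = [
    "http://benjaminhill.com.oikkkuy.eu/owa/",      # our name used as a subdomain
    "http://oikkkuy.eu/benjaminhill.com/owa/",      # our name only in the path
    "http://www.benjaminhill.com@oikkkuy.eu/owa/",  # our name as URL user info
    "https://mail.benjaminhill.com/owa/",           # genuine subdomain of ours
    "mail.benjaminhill.com/owa",                    # genuine, scheme omitted
]


def registrable_domain(host: str) -> str:
    """Return the last two labels of a host name: the part the article calls
    'at the end, or immediately before the /'.  Simplification: for suffixes
    such as .co.uk a real tool should consult the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def link_host(url: str) -> Optional[str]:
    """Return the host a browser would actually connect to.  urlsplit discards
    the scheme, any user info before '@', the port and the path for us."""
    parts = urlsplit(url)
    if not parts.netloc:                   # e.g. 'mail.example.com/owa'
        parts = urlsplit("http://" + url)  # re-parse as a scheme-less link
    return parts.hostname


def link_matches_domain(url: str, expected: str = OUR_DOMAIN) -> bool:
    """True only when the link's host is *expected* or a subdomain of it."""
    host = link_host(url)
    return bool(host) and registrable_domain(host) == expected.lower()


def triage(links: Iterable[str], expected: str = OUR_DOMAIN) -> Dict[str, bool]:
    """Map each link to whether it really points at the expected domain."""
    return {url: link_matches_domain(url, expected) for url in links}


if __name__ == "__main__":
    for url, ok in triage(SAMPLE_LINKS).items():
        print(("OK       " if ok else "SUSPECT  ") + url)
```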

Last Chance: If you clicked the link, you would see something similar to below (it’s not too late!):

Payload: You are at the mercy of your antivirus and those that wrote this…

If you clicked the link for ‘-settings-file.exe’ and then ran it, you’d likely be infected with a virus.  Your antivirus may or may not detect it, and it may or may not have immediate adverse effects.  But honestly, the sky is the limit as to what that file could do (data loss, financial spying, credit card theft, and system or network back doors are just the tip of the iceberg).  Literally, the people who write these programs dream up new ways to make lives miserable every day.

Closing: An ounce of prevention…

It is our hope that this example will help you prevent a disaster.  Hopefully you will find these tips helpful in telling legitimate e-mail from bogus e-mail.  If you are ever in doubt, please call us at (502) 447-9294, and we will help you make the right determination.  You may also wish to review our general E-Mail Security Guidelines for more information.