Data/Cyber/Cloud Security, Privacy, Website Security, Data Encryption, Malware/Viruses, Open Source Intelligence, Cyber Defence, Data Breaches, Travel Reviews & Photos

The email is directed at members of ICAS (Institute of Chartered Accountants of Scotland). Someone has scrapped off the members list and partly customised the email. Normally no personal or business details are added. By adding details it is far more convincing. Note no intro (Dear John) or proper ending (Regards, Maria of Complaints Department). IP/Server is within Germany whereas the real membership body is Scottish based.

The file which is a DOCM. Standard Microsoft Word files end with .DOC or .DOCX. The “M” stands for macro which is a type of embedded code. Note the “!” warning it can contain active code.

Virus Total scans files using 51 engines and only 1/6 detected it. Three hours before only 6/51.

Jotti another scanning website had a detection of 4/22!

On many occasions I have seen antivirus scanner miss not massively advanced malware. With 100k+ new viruses a day antivirus vendors cannot keep it. What is needed is a multi-aspect and layered approach. Specialist technology to catch infected website, another layer scanning websites and the third layer covering the endpoint computer (USBs, CDs etc).