Thursday, October 15, 2009

Virus alert: invitations@twitter.com, e-cards@hallmark.com, invitations@hi5.com, order-update@amazon.com

Recently I completed the anti-virus face-off (comparing free anti-virus programs), and I found that with new malware the anti-virus software would generally catch up after a couple of days, finding and removing the malware attached to emails purporting to be from invitations@twitter.com, e-cards@hallmark.com, or order-update@amazon.com.

You know the emails. They have subjects and attachments like the following:

Your friend invited you to twitter! / Invitation Card.zip
You have received A Hallmark E-Card! / Postcard.zip
Shipping update for your Amazon.com order 254-78546325-658742 / Shipping documents.zip

Then recently something weird happened. I started to see emails with the same subjects and malware attachments not being picked up as malware. Surely the anti-virus software knows about these attachments, I thought. That was odd, so I decided to check.

As it turns out, the file sizes are slightly different. My guess is the malware writers are changing the malware ever so slightly to get past the anti-virus software's signatures. This cat-and-mouse game between malware writers and anti-virus vendors has been going on for months.

Normally I tell people not to bother blocking malware by sender address, as the creators continuously change the address. But in this case the same (faked) sender addresses have been reused. If you don't use the services of twitter.com, hallmark.com or amazon.com, then blocking those domains or filtering on the subject line at the mail server may be a good way to handle these unwanted emails.

In my case I use OzEfilter, so it doesn't matter how many times the malware writers change the malware: since I don't want email from those sender addresses, the messages are simply deleted at the mail server when I check my mail.

So if you think your anti-virus software is losing its memory, it isn't. The malware writers are simply changing the attachments to get past the anti-virus software.

- Kelvin Eldridge
