[SANS ISC] Quick Analysis Of Phishing MSG, (Sat, May 14th)

Reader Robert submitted a phishing email (a .msg file).

.msg files are Compound File Binary Format files (also known as OLE files), and as such can be analyzed with oledump.py.

I also have plugins specific to .msg files: plugin_msg.py and plugin_msg_summary.py.

Robert’s submission inspired me to add a small feature to plugin_msg_summary: it will now search through all streams for URLs, and report them.

This way, one can now immediately see the phishing URLs in phishing emails:
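The idea of searching every stream for URLs, sketched as an added example (this is not the code of plugin_msg_summary or oledump.py). The function names and the sample streams are constructed for illustration; the stream names follow the .msg `__substg1.0_` naming, and `load_streams` assumes the third-party olefile package is installed.

```python
import re

# Characters allowed in a URL (RFC 3986 unreserved + reserved + '%').
URL_CHARS = rb"[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]"
# .msg string properties are stored as 8-bit text (stream suffix 001E) or as
# UTF-16LE (suffix 001F), so each stream is searched in both encodings.
ASCII_RE = re.compile(rb"https?://" + URL_CHARS + rb"+", re.I)
UTF16_RE = re.compile(rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:"
                      + URL_CHARS + rb"\x00)+", re.I)

def find_urls(data):
    """Return URLs found in one stream's raw bytes, in either encoding."""
    urls = [m.group().decode("ascii") for m in ASCII_RE.finditer(data)]
    urls += [m.group().decode("utf-16-le") for m in UTF16_RE.finditer(data)]
    # Drop sentence punctuation that the pattern picks up at the end.
    return [u.rstrip(".,;:!?)'") for u in urls]

def urls_by_stream(streams):
    """Map each URL to the names of the streams that contain it."""
    report = {}
    for name, data in streams.items():
        for url in find_urls(data):
            names = report.setdefault(url, [])
            if name not in names:
                names.append(name)
    return report

def load_streams(path):
    """Read every stream of an OLE file (needs the third-party olefile package)."""
    import olefile
    with olefile.OleFileIO(path) as ole:
        return {"/".join(e): ole.openstream(e).read() for e in ole.listdir()}

# Constructed sample: stream name -> content, as load_streams() would return.
SAMPLE = {
    # Subject, UTF-16LE string property
    "__substg1.0_0037001F": "Your mailbox is full".encode("utf-16-le"),
    # Plain-text body, UTF-16LE string property
    "__substg1.0_1000001F":
        "Verify here: https://login.example.test/verify?id=1.".encode("utf-16-le"),
    # HTML body, binary property holding 8-bit text
    "__substg1.0_10130102":
        b'<a href="https://login.example.test/verify?id=1">Verify</a> '
        b'<img src="http://cdn.example.test/logo.png">',
}

if __name__ == "__main__":
    for url, names in urls_by_stream(SAMPLE).items():
        print(url, "<-", ", ".join(names))
```

A search limited to 8-bit text would miss the URL in the UTF-16LE body stream, which is why both patterns are applied to every stream.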

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
