Phishing.gen virus

Discussion in 'NOD32 version 2 Forum' started by Holden4th, Apr 22, 2005.

Thread Status:
Not open for further replies.
  1. Holden4th

    Holden4th Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    69
    Have had this appear in my e-mail (from different senders) for the last 3 days. NOD 32 picked it up every time thank goodness. I've asked NOD to delete this file but when my e-mail screen finally comes up the message is still there. I then send the message to trash and empty the trash. Am I OK doing this. Why didn't the e-mail vanish after I asked NOD to delete it?

    What is this virus and what does it do?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It's possible to delete attachments only.
     
  3. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    See this
     
  4. Holden4th

    Holden4th Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    69
    Thanks for the reply and the site. I know what phishing is and what it can do. In this case I wondered what this particular virus was targetting? Is it a keylogger, or is it after other information? I didn't (and wouldn't have) opened the e-mail as I didn't know who it was from.

    There are only a select group of people who have this particular e-mail address so I also want to know how the hell my address was targetted. I don't use it to reply to my Internet dealings and have been very circumspect about which commercial companies I contact using this address. For example, I used this address to pay for and register Feurio and will do the same for NOD32 but anything else, forget it. Maybe it's been trawled from one of my friends. The other likelihood is that it's been got at through the system at work!
     
  5. Holden4th

    Holden4th Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    69
    Received another one which I had a close look at under quarantine. There was a file attached called "audio.gif". I selected "delete this file" and NOD32 duly obliged though the attachment still seemed to be there. Strange? I opened the message but it was blank, though there was previous reference in the NOD32 alert to the message being in HTML. I'm assuming that NOD32 removed the actual message itself which raises a question. Can you get a virus/trojan through an HTML e-mail message? I know you can't get one with an ASCII text message (because nothing in ASCII is executable) but is HTML different? I didn't try to open the attachment. If I had I wonder what would have happened. Is this a new type of phishing attack?
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The HTML Phising trojan is merely an HTML email with a link to the attacker's website. Its aim is to deceive the recipient by pretending to be sent from a bank autohority in order to make the recipient fill in confidential data about his/her account on their website. Apart from that, there's nothing dangerous.
     
  7. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    So have in mind the 'plain text' selection for the emails in NOD32.
     
  8. Holden4th

    Holden4th Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    69
    This e-mail had nothing to do with bank sites. I'll post the sender etc when I get the next one.
     
  9. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    Doesn't have to be a bank site. Could be the PayPal scam for example. There are many different phishing "schemes" (most of them are to steal or fool you into giving away your bank account details), and if NOD32 had a generic detection of it, it's not so easy pin-pointing which phishing scheme you got exactly.
     
Thread Status:
Not open for further replies.