Phishing in Emails

Discussion in 'NOD32 version 2 Forum' started by Eliot, May 27, 2006.

Thread Status:
Not open for further replies.
  1. Eliot

    Eliot Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    854
    Location:
    Arkansas, USA
    I have a secondary AV that I scan every now and then to complement NOD32. NOD32 never "tags" the PayPal emails I receive on occasion as "phishing" in Outlook 2003. I have IMON POP3 and EMON enabled using BlackSpear's settings. Outlook is set to Higher Efficiency as well.

    Just to clarify, I delete the PayPal mails, but only empty the deleted items folder about 1-2x a month. When I disable NOD and scan using the 2nd AV, it always alerts on the mail in the deleted items folder ("phishing").

    Also to note that I have used the new KAV and it "tags" them as "phishing".

    I have often thought about using a different AV, BUT, NOD32 has no equal when it comes to detection, heuristics and light footprint on my PC.

    Any ideas as to why these emails are not "alerted to me"? Is it possible for me to submit them using the "Threat Sense" like we do files?

    Regards,

    Eliot
     
  2. ASpace

    ASpace Guest


    EMON and IMON do not scan SSL-encrypted messages. Is your mail using port 995?
     
  3. Eliot

    Eliot Registered Member

    Negative, Ghost Rider, the port is 110. :D
     
  4. ASpace

    ASpace Guest


    Then, NOD just knows you use another software which will flag them as phishing and that's why it is calm... :D :D :D


    Maybe you can submit a message to support(at)eset.us
    where (at) means @

    or wait for an answer from Marcos (who is currently offline) ;)
     
  5. Eliot

    Eliot Registered Member

    LOL @ NOD32 knows!

    I'll wait until Marcos or someone from Eset comes along with a recommended action to take.

    Regards,

    Eliot
     
  6. ASpace

    ASpace Guest


    At least it is funny :D
     
  7. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    I have had similar experience with the phishing detection of NOD32. It seems as if most of the messages get through. However, one of the things Marcos has pointed out is, "Does the e-mail have working links?" Once he asked this, I started checking, and by golly, most of them do not. Or at least, the e-mails have links, but when you click on them, they go nowhere, as if the fake pages have been shut down by the webhost.

    This makes me wonder if one of the things checked is whether the phishing e-mail could get you into trouble. That is, an e-mail with a link that goes to fake-ebay.com will show up as a virus only if the fake-ebay.com webpage is working.

    As for the ones with working links that *do* make it through, I have been saving the e-mail as an .eml file. I then submit that .eml file to Eset using the "Submit for analysis" button in the Quarantine section, labeling it, "undetected phishing e-mail".
     
  8. Eliot

    Eliot Registered Member

    Very good posting alglove. I'll take that info into consideration and check it out next time I receive one of those. :)
     