Wednesday, February 5, 2014

E-mail with malware at one of our clients

The security box at one of our clients noticed a malware attachment that is zipped and base64 encoded (?), with a payload for you to click on and get infected.

Let's look deeper at the attached picture.

As you can see, the section above shows attacks on port 25, our client's mail server. After looking at the packets captured by our full packet capture system, we noticed the payload.

After decoding the payload, we noticed that it is an .exe for the user to run.

This could have been easily stopped by a mail spam detection system or a good UTM box.