The tl;dr summary for those with short attention spans – Don’t open the attachment, be quick to delete anything you’re not sure about, and if you want to help in the fight against phishing, report it using the guidelines I’ve outlined below. I received a pretty awesome phishing email today. It included a significant attachment that I’m looking forward to analyzing at a later date. Since it will take me a while before I’ve got the time to run the analysis, I decided I wanted to forward it around to the appropriate organizations to ensure that they take some time and analyze it and make sure other individuals can be protected from it. It turns out that there are more places[…]

Recently I’ve been receiving a lot of email in Russian. I don’t know why; does anyone? If it is spam, it’s not very effective, because I can’t read it. Would be nice if my email provider gave me a way to auto-spam all email that was in a language I didn’t have a hope of reading. I’ve received another interesting pair of emails on the same tactic. These are standard trojan/phishing attacks, but the tactic of the email is new: Bank of America Warning: Automatic Installation failed for Bank of America certificate component. The only thing you can do at the moment is to install the 4.12.2009 version from our website. That is the same application with the new publisher[…]