Malware Email: “BTC-e codes for pisto1wf1” / [email protected]

This morning I received the following email from “Barton Norman” ([email protected]). As the attachment is password protected with password “qqkz6G52N6uj”, it will easily bypass most of the antispam filters as the attachments can’t be scanned. The malicious sample can’t be scanned (encrypted sample has zero VT detections: https://www.virustotal.com/en-gb/file/ab891e0185b6b488d960c1f3445378c1cee28ffe9f50845c657ab16e98f96a43/analysis/1493744207/). Once we have removed the password, it appears that…

Stop Email Fraud with SPF, DKIM, and DMARC (PART I)

What is SPF? The Sender Policy Framework (SPF) is a method of fighting spam by preventing fraudsters from using legitimate email addresses to send spam or other fraudulent emails. An SPF record is essentially a TXT record that allows you to specify which servers can send emails on your behalf and helps prevent these emails from getting caught in recipients’ spam…

Squid proxy and custom URL filtering

A proxy server is a computer/appliance that acts as a gateway between a local network (e.g., all the computers at one company or in one building) and a larger-scale network such as the Internet. There are great benefits to using a proxy server, such as the ability to hide the IP address of the client computer so that it can surf…