Endpoint Protection

 View Only

  • 1.  New Phishing threat

    Posted Feb 21, 2019 10:16 AM

    Hello,

    There is a new phishing threat that deletes the url links from office document (.xml.rels) If this type of files is tempered with will anti-virus block it? Is there something in the works for addressing this issue? For full explaination see link below

    Thanks

    https://www.helpnetsecurity.com/2019/02/20/phishers-new-trick-for-bypassing-email-url-filters/

     

     



  • 2.  RE: New Phishing threat
    Best Answer

    Posted Feb 21, 2019 10:26 AM

    If malware comes down thru it than SEP should be able to mitigate otherwise SEP has limited capability against phishing. Read thru this article:

    https://www.symantec.com/docs/TECH231042

    You'll want to block this with your gateway mail security/anti-phishing product based on what I read from the link you posted.



  • 3.  RE: New Phishing threat

    Posted Feb 21, 2019 10:44 AM

    It would just be a bad URL, no malware. But the file would have been tempered with. I wounder if anti-virus would be able to see that and maybe stop the file?

     



  • 4.  RE: New Phishing threat

    Posted Feb 21, 2019 10:50 AM

    Not the AV component but MAYBE one of the other components such as heuristic detection or SONAR. 



  • 5.  RE: New Phishing threat

    Posted Feb 21, 2019 10:59 AM

    Do you know if Symantec is working on detection?

     



  • 6.  RE: New Phishing threat

    Posted Feb 21, 2019 11:03 AM

    No idea, just a customer.



  • 7.  RE: New Phishing threat

    Posted Feb 21, 2019 11:07 AM

    Thanks