[clamav-users] Be wary of emails with attachments targeting clamav-users list members
Paul Kosinski
clamav-users at iment.com
Wed Mar 22 17:35:03 UTC 2023
I have just started getting these claiming to be relevant to ClamAV, but I have *also* been receiving this sort of thing claiming to be from the Firefox ESR list for months now.
I am posting (one of) the HTMLs "about" ClamAV to https://www.clamav.net/reports/malware. Should I also post (one of) the Firefox phishes? (In fact, I have several of each, but it quickly gets tedious.)
On Wed, 22 Mar 2023 16:48:32 +0000
"Micah Snyder \(micasnyd\) via clamav-users" <clamav-users at lists.clamav.net> wrote:
> All,
>
> Some users have reported receiving emails that appear to be a reply to a clamav-users mailing list thread but are in fact a phishing attempt have attached malware.
>
> Most recently, Marc reported receiving an email that appeared to be a reply to an older clamav-users mailing list thread but was in fact a direct email targeting him. It had this fairly generic phishing text:
>
> "Would you please look through the last agreement? I have attached some extra details about it."
>
> The attached file was some small HTML file containing malicious obfuscated javascript.
>
> This isn't the first time we've heard of this type of phishing using our mailing list archives. Please be careful when you see any sort of attachment, even if it appears to be from this community.
>
> If you receive this sort of phishing email, please report the attached HTML file to https://www.clamav.net/reports/malware
>
> Regards,
> Micah
>
>
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
More information about the clamav-users
mailing list