Stillwater Embedded Engineering

Hardware, Software, Firmware, and Everything

Phishing Phun

Another suspicious email showed up, and I decided to try out the link in an Oracle VirtualBox machine.  The VM is a vanilla Windows XP with no virus protection.  I copied the link from the “paypal” email and pasted it into Internet Explorer on the VM.

[Image: MyMomBlackHoleEmail130206]

 

To my surprise, rather than the link having any effect on the Virtual Machine, it was intercepted by AVG Free on the host machine.  I had thought the packets would be silently shuffled through the virtual Ethernet adapter to the browser in the VM.  But it seems that AVG operates on low-level traffic and VirtualBox Ethernet adapters are exposed to it.

I think that phuture phishing phun would best be done on a physical machine, preferably in a DMZ.

Since AVG detected this in the process of delivering packets to a virtual machine, I have some confidence that I wouldn’t have been vulnerable even on the host machine.  Fingers crossed.  For the record, the threat was Blackhole Exploit Kit Detection.  Here’s how it looked on the Virtual Machine, along with AVG’s detection on the host.

[Image: MyMomBlackHole130206]

 

Careful what you click on!

Joe W

 


1 Comment

  1. PK

    I’ve encountered very few phishing mails that weren’t stunningly obvious. That one sure is! But it’s an interesting point about the level at which AVG scans the network stream.
