Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: glnz on September 10, 2012, 06:51:25 AM

Title: Fake avast! 5 email is spam or a phish ???
Post by: glnz on September 10, 2012, 06:51:25 AM
Just received the following email - is it fake?

From: avast! 5
Sent: Monday, September 10, 2012 12:46 AM
Subject: [avast! heuristic - WARNING]

Very suspicious extension of attachment

Sender:  [my wife's email]
Recipient:  [my email]
Subject:  Fwd: Fw: paper

Look at the signs -
1)  The "From" is "avast! 5".  That's it - there is no underlying true email address.
2)  The message is ungrammatical and meaningless:  "Very suspicious extension of attachment"
3)  The email states the "Sender: ... Recipient: ..." as you see it above.  Why?  Did my wife's PC (which also has Avast!) send me this email? 
4)  In all my existing emails, none has a Subject with the work "Paper" in it.
5)  Both my wife's PC and mine have Avast 7, not 5.

If this is a phish or a fake, as I believe, why was it sent?  What's the benefit?  There is no attachment.

Title: Re: Fake avast! 5 email is spam or a phish ???
Post by: DavidR on September 10, 2012, 03:12:50 PM
I have no idea of the email settings (on both systems or email programs), so I can't say for certain, but this looks like it could be avast alerting on an email. But it doesn't look exactly like the current avast email alert/branding format on an email detection so it could be fake.

To start with this if it were an incoming email with a suspicious email attachment, avast should have alerted. Either on your wife's system when sent (if scanning outbound email) or on your system when received (if not sent by her). So did either of you get an alert ?

The avast alerts:
Would change the Subject (appending as a warning to prevent the user opening the email, seems that would fail if you are opening it to do this checking.

I believe it would also remove the suspect attachment.
Since the email is supposed to have come from your wife's email account, not necessarily here computer it could have been faked too. So I wouldn't expect you to have a subject of Work in your existing emails even if this is/was legit.

I sent myself an email with a file attached (.mht file type) that I know would trigger the suspect attachment check. However, my settings are likely to differ from yours, as I have the Mail Shield, Expert Settings, Actions set to Ask as the Primary (and Secondary action to No Action) rather than Move to Chest, etc. For the test I didn't scan outbound email.

See images.
Title: Re: Fake avast! 5 email is spam or a phish ???
Post by: Lecomo on October 12, 2012, 01:03:39 PM
Hi Everyone


I am having similar problem. The mail is being forwarded by Gmail to my Thunderbird Client with pdf file as an attachment.

I can open the attachment in Gmail without problem but when received in Thunderbird which is scanned by AVAST , I receive the message "Very suspicious extension of attachment". Any solution yet o this problem?

Title: Re: Fake avast! 5 email is spam or a phish ???
Post by: DavidR on October 12, 2012, 01:48:05 PM
Are you sure it is a pdf attachment (not a double file extension) ?

I have just sent myself an email using Thunderbird with a .pdf file attached (see images, click to expand) and it passed outbound checking and also inbound scan.

Have you made any changes to the avast Mail Shield settings ?
Title: Re: Fake avast! 5 email is spam or a phish ???
Post by: Pondus on October 12, 2012, 02:01:25 PM
upload attachment to www.virustotal.com and test with 40+ malware scanners
Title: Re: Fake avast! 5 email is spam or a phish ???
Post by: True Indian on October 12, 2012, 02:05:32 PM
if it is found malicious via virustotal.com and avast doesnt detect it..

send to the file to avast virus lab from here: www.avast.com/contacts