Author Topic: Fake avast! 5 email is spam or a phish ???  (Read 3255 times)

0 Members and 1 Guest are viewing this topic.

Offline glnz

  • Sr. Member
  • ****
  • Posts: 300
Fake avast! 5 email is spam or a phish ???
« on: September 10, 2012, 06:51:25 AM »
Just received the following email - is it fake?

Quote
From: avast! 5
Sent: Monday, September 10, 2012 12:46 AM
Subject: [avast! heuristic - WARNING]

Very suspicious extension of attachment

Sender:  [my wife's email]
Recipient:  [my email]
Subject:  Fwd: Fw: paper

Look at the signs -
1)  The "From" is "avast! 5".  That's it - there is no underlying true email address.
2)  The message is ungrammatical and meaningless:  "Very suspicious extension of attachment"
3)  The email states the "Sender: ... Recipient: ..." as you see it above.  Why?  Did my wife's PC (which also has Avast!) send me this email? 
4)  In all my existing emails, none has a Subject with the work "Paper" in it.
5)  Both my wife's PC and mine have Avast 7, not 5.

If this is a phish or a fake, as I believe, why was it sent?  What's the benefit?  There is no attachment.

Thanks.
Various Dell Optiplexes running XP Pro SP3 32-bit, Win 7 Pro SP1 64-bit and Win 10 Pro 64-bit.  Firefox with security add-ons.

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 85594
  • No support PMs thanks
Re: Fake avast! 5 email is spam or a phish ???
« Reply #1 on: September 10, 2012, 03:12:50 PM »
I have no idea of the email settings (on both systems or email programs), so I can't say for certain, but this looks like it could be avast alerting on an email. But it doesn't look exactly like the current avast email alert/branding format on an email detection so it could be fake.

To start with this if it were an incoming email with a suspicious email attachment, avast should have alerted. Either on your wife's system when sent (if scanning outbound email) or on your system when received (if not sent by her). So did either of you get an alert ?

The avast alerts:
Would change the Subject (appending as a warning to prevent the user opening the email, seems that would fail if you are opening it to do this checking.

I believe it would also remove the suspect attachment.
Since the email is supposed to have come from your wife's email account, not necessarily here computer it could have been faked too. So I wouldn't expect you to have a subject of Work in your existing emails even if this is/was legit.

~~~~
I sent myself an email with a file attached (.mht file type) that I know would trigger the suspect attachment check. However, my settings are likely to differ from yours, as I have the Mail Shield, Expert Settings, Actions set to Ask as the Primary (and Secondary action to No Action) rather than Move to Chest, etc. For the test I didn't scan outbound email.

See images.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.691) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lecomo

  • Newbie
  • *
  • Posts: 1
Re: Fake avast! 5 email is spam or a phish ???
« Reply #2 on: October 12, 2012, 01:03:39 PM »
Hi Everyone

Greeting

I am having similar problem. The mail is being forwarded by Gmail to my Thunderbird Client with pdf file as an attachment.

I can open the attachment in Gmail without problem but when received in Thunderbird which is scanned by AVAST , I receive the message "Very suspicious extension of attachment". Any solution yet o this problem?

Lecomo

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 85594
  • No support PMs thanks
Re: Fake avast! 5 email is spam or a phish ???
« Reply #3 on: October 12, 2012, 01:48:05 PM »
Are you sure it is a pdf attachment (not a double file extension) ?

I have just sent myself an email using Thunderbird with a .pdf file attached (see images, click to expand) and it passed outbound checking and also inbound scan.

Have you made any changes to the avast Mail Shield settings ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.691) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37099
Re: Fake avast! 5 email is spam or a phish ???
« Reply #4 on: October 12, 2012, 02:01:25 PM »
upload attachment to www.virustotal.com and test with 40+ malware scanners

Offline True Indian

  • Malware Hunter
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 710
  • A Good Old Indian!
Re: Fake avast! 5 email is spam or a phish ???
« Reply #5 on: October 12, 2012, 02:05:32 PM »
if it is found malicious via virustotal.com and avast doesnt detect it..

send to the file to avast virus lab from here: www.avast.com/contacts