www.f-secure.com Open in urlscan Pro
2a02:26f0:3500:29f::1690  Public Scan

Form analysis
0 forms found in the DOM

Text Content

Javascript is disabled in your web browser

For full functionality of this site it is necessary to enable JavaScript. Here
are the instructions how to enable JavaScript in your web browser .

 * Community

   --------------------------------------------------------------------------------

 * User Guides

   --------------------------------------------------------------------------------

 * Support
   * Threat Descriptions
     * Classification Guide
     * Classifying Potentially Unwanted Applications (PUAs)
     * Terminology
     * General Removal Instructions
   * Articles
     * Dealing with passwords
     * Securing the browser
     * Botnet
     * Crypto-ransomware
     * Denial of Service (DoS)
     * Detection
     * Exploit kit
     * Virus
     * Trojan
     * Vulnerability
     * Worm

Threat Descriptons


TROJAN.DOC.PHISHING

CLASSIFICATION

Category :

Malware

Type :

Trojan

Platform :

W32

Aliases :

Trojan.Phishing.[variant], Trojan.Doc.Phishing.[variant]


SUMMARY

This detection indicates that the detected file is a phishing-trojan - a
document file that is designed to look legitimate, but actually serves as a
delivery vehicle for harmful programs. If the file is opened, embedded code will
either drop and install a harmful program onto the user's device, or will
download additional harmful components from a remote site to install.


REMOVAL


AUTOMATIC ACTION

Based on the settings of your F-Secure security product, it will either move the
file to the quarantine where it cannot spread or cause harm, or remove it.


SUSPECT A FILE IS INCORRECTLY DETECTED (A FALSE POSITIVE)?

A False Positive is when a file is incorrectly detected as harmful, usually
because its code or behavior resembles known harmful programs. A False Positive
will usually be fixed in a subsequent database update without any action needed
on your part. If you wish, you may also:

 * Check for the latest database updates
   
   First check if your F-Secure security program is using the latest updates,
   then try scanning the file again.

 * Submit a sample
   
   After checking, if you still believe the file is incorrectly detected, you
   can submit a sample of it for re-analysis.
   
   Note: If the file was moved to quarantine, you need to collect the file from
   quarantine before you can submit it.

 * Exclude a file from further scanning
   
   If you are certain that the file is safe and want to continue using it, you
   can exclude it from further scanning by the F-Secure security product.
   
   Note: You need administrative rights to change the settings.


TECHNICAL DETAILS

The email messages used to deliver phishing-trojans are typically designed to
look like normal business communications, often related to taxes, invoicing,
deliveries, salaries or other work-related matters. They may also use the
branding or names of legitimate companies to further the impression of
authenticity. Such messages are also known as phishing emails.

The attached files are most frequently Microsoft Office documents (Word, Excel,
etc), though PDF, HTML or ZIP files are also common. The files usually use
fairly innocuous file names, such as 'Invoice', or 'Delivery statement'. to give
the impression that they are legitimate.

The careful crafting of the email message and file attachments to appear
authentic are all examples of social engineering.


DECOY DOCUMENTS AND ENABLING MACROS

If the user opens the file, most will also display an authentic-looking document
as a decoy, to distract the user from any unauthorized actions that occur in the
background.

If the file is a Microsoft Office document, and the user's Office settings
disable macros by default, a notification message may be displayed asking the
user to enable macros, supposedly so that they can view the document contents
correctly. In reality, doing so would allow the malicious code embedded in the
document to run and install malware on the device.


INSTALLING MALWARE

If the attached file is opened, code embedded in it will run and either:

 * Drop a malicious component or program contained in the file onto the device
   and install it OR
 * Contact a remote server and download a malicious component or program from
   the server onto the device

The specific harmful program installed onto the device varies, and may be
separately detected by security products.


PEACE OF MIND AGAINST ONLINE THREATS

F-Secure Total is a security suite that protects all your phones and computers
in real time, 24/7 and with award-winning accuracy. Read more about Total and
try it free for 30 days, no credit card required.

Read more about Total

MORE SUPPORT

Community

Ask questions in our Community .

User Guides

Check the user guide for instructions.

Contact Support

Chat with or call an expert.



Submit a Sample

Submit a file or URL for analysis.

F-Secure makes every digital moment more secure, for everyone.


Store
 * Products
 * Renew subscription
 * Articles
 * Free tools
 * Download
 * My F-Secure
 * Contact support

For Partners
 * Why partner with us?
 * For operators
 * For retail
 * For banks
 * For insurers
 * For utilities
 * Affiliate program
 * Contact sales

Company
 * About us
 * Join us
 * For investors
 * For media
 * F-Secure blog
 * Contact info



 * © F-Secure 2023

 * Terms of service
 * Privacy policy
 * Cookies

 * © F-Secure 2023


WE USE COOKIES TO IMPROVE YOUR EXPERIENCE

We use cookies to improve your experience on this and other websites. Cookies
are text files stored by your browser. They contain information that helps us
tailor the content you see on F‑Secure pages, aggregate statistics of site usage
and performance, and offer more relevant advertisements of our products and
services elsewhere on the web. Accepting all cookies provides you with a better
user experience. By using F‑Secure websites, you accept the use of cookies. By
declining you opt-out from optional cookies. You may also adjust your settings
to disable certain optional cookies.

Accept all Decline

Change settings


COOKIE SETTINGS

FUNCTIONAL COOKIES

ALWAYS ON

These cookies are required for our website to work properly or by regulations
that apply to us, and cannot be turned off. Among other things, they take care
of secure login sessions to the My F‑Secure service, storing your country of
origin, and remembering the cookie preferences you select.

PERFORMANCE COOKIES

ALWAYS ON

These cookies help us collect statistics of how you and other customers use our
website. We always look at aggregate data, and nothing about you, personally, is
stored. Performance cookies also allow us to run A/B tests on our site and
tailor its content based on your device type, for example.

PERSONALISATION COOKIES

ON OFF

These cookies help us personalise the content and offers we provide to you,
based on your usage of our website and other digital plat­forms. This ensures we
can always offer you the content and information that benefits you the most.

MARKETING COOKIES

ON OFF

These cookies are mostly set by advertisement platform providers such as Google
or Facebook. They help us decipher, based on your actions on our site, which of
our products, services, and offers are the most relevant for you. We use this
data to tailor the ads you see on other websites.

F‑Secure website privacy policy
Save and exit Back