www.f-secure.com
Open in
urlscan Pro
2a02:26f0:3500:29f::1690
Public Scan
Submitted URL: https://protect-usb.mimecast.com/s/IE8PCwn6A4fOX5SKK4nl?domain=cgi.f-secure.com
Effective URL: https://www.f-secure.com/v-descs/trojan-doc-phishing.shtml
Submission: On July 20 via manual from US — Scanned from DE
Effective URL: https://www.f-secure.com/v-descs/trojan-doc-phishing.shtml
Submission: On July 20 via manual from US — Scanned from DE
Form analysis
0 forms found in the DOMText Content
Javascript is disabled in your web browser For full functionality of this site it is necessary to enable JavaScript. Here are the instructions how to enable JavaScript in your web browser . * Community -------------------------------------------------------------------------------- * User Guides -------------------------------------------------------------------------------- * Support * Threat Descriptions * Classification Guide * Classifying Potentially Unwanted Applications (PUAs) * Terminology * General Removal Instructions * Articles * Dealing with passwords * Securing the browser * Botnet * Crypto-ransomware * Denial of Service (DoS) * Detection * Exploit kit * Virus * Trojan * Vulnerability * Worm Threat Descriptons TROJAN.DOC.PHISHING CLASSIFICATION Category : Malware Type : Trojan Platform : W32 Aliases : Trojan.Phishing.[variant], Trojan.Doc.Phishing.[variant] SUMMARY This detection indicates that the detected file is a phishing-trojan - a document file that is designed to look legitimate, but actually serves as a delivery vehicle for harmful programs. If the file is opened, embedded code will either drop and install a harmful program onto the user's device, or will download additional harmful components from a remote site to install. REMOVAL AUTOMATIC ACTION Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it. SUSPECT A FILE IS INCORRECTLY DETECTED (A FALSE POSITIVE)? A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also: * Check for the latest database updates First check if your F-Secure security program is using the latest updates, then try scanning the file again. * Submit a sample After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis. Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it. * Exclude a file from further scanning If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product. Note: You need administrative rights to change the settings. TECHNICAL DETAILS The email messages used to deliver phishing-trojans are typically designed to look like normal business communications, often related to taxes, invoicing, deliveries, salaries or other work-related matters. They may also use the branding or names of legitimate companies to further the impression of authenticity. Such messages are also known as phishing emails. The attached files are most frequently Microsoft Office documents (Word, Excel, etc), though PDF, HTML or ZIP files are also common. The files usually use fairly innocuous file names, such as 'Invoice', or 'Delivery statement'. to give the impression that they are legitimate. The careful crafting of the email message and file attachments to appear authentic are all examples of social engineering. DECOY DOCUMENTS AND ENABLING MACROS If the user opens the file, most will also display an authentic-looking document as a decoy, to distract the user from any unauthorized actions that occur in the background. If the file is a Microsoft Office document, and the user's Office settings disable macros by default, a notification message may be displayed asking the user to enable macros, supposedly so that they can view the document contents correctly. In reality, doing so would allow the malicious code embedded in the document to run and install malware on the device. INSTALLING MALWARE If the attached file is opened, code embedded in it will run and either: * Drop a malicious component or program contained in the file onto the device and install it OR * Contact a remote server and download a malicious component or program from the server onto the device The specific harmful program installed onto the device varies, and may be separately detected by security products. PEACE OF MIND AGAINST ONLINE THREATS F-Secure Total is a security suite that protects all your phones and computers in real time, 24/7 and with award-winning accuracy. Read more about Total and try it free for 30 days, no credit card required. Read more about Total MORE SUPPORT Community Ask questions in our Community . User Guides Check the user guide for instructions. Contact Support Chat with or call an expert. Submit a Sample Submit a file or URL for analysis. F-Secure makes every digital moment more secure, for everyone. Store * Products * Renew subscription * Articles * Free tools * Download * My F-Secure * Contact support For Partners * Why partner with us? * For operators * For retail * For banks * For insurers * For utilities * Affiliate program * Contact sales Company * About us * Join us * For investors * For media * F-Secure blog * Contact info * © F-Secure 2023 * Terms of service * Privacy policy * Cookies * © F-Secure 2023 WE USE COOKIES TO IMPROVE YOUR EXPERIENCE We use cookies to improve your experience on this and other websites. Cookies are text files stored by your browser. They contain information that helps us tailor the content you see on F‑Secure pages, aggregate statistics of site usage and performance, and offer more relevant advertisements of our products and services elsewhere on the web. Accepting all cookies provides you with a better user experience. By using F‑Secure websites, you accept the use of cookies. By declining you opt-out from optional cookies. You may also adjust your settings to disable certain optional cookies. Accept all Decline Change settings COOKIE SETTINGS FUNCTIONAL COOKIES ALWAYS ON These cookies are required for our website to work properly or by regulations that apply to us, and cannot be turned off. Among other things, they take care of secure login sessions to the My F‑Secure service, storing your country of origin, and remembering the cookie preferences you select. PERFORMANCE COOKIES ALWAYS ON These cookies help us collect statistics of how you and other customers use our website. We always look at aggregate data, and nothing about you, personally, is stored. Performance cookies also allow us to run A/B tests on our site and tailor its content based on your device type, for example. PERSONALISATION COOKIES ON OFF These cookies help us personalise the content and offers we provide to you, based on your usage of our website and other digital platforms. This ensures we can always offer you the content and information that benefits you the most. MARKETING COOKIES ON OFF These cookies are mostly set by advertisement platform providers such as Google or Facebook. They help us decipher, based on your actions on our site, which of our products, services, and offers are the most relevant for you. We use this data to tailor the ads you see on other websites. F‑Secure website privacy policy Save and exit Back