The lion’s share of malware today is sent via email.

Here’s one I got today and it’s pretty typical of this sort of attack.

[Image: sample email zip attack]

It’s pretty obvious to me that this isn’t real, so I just delete it.

But some people are busy or distracted, or maybe they don’t know any better, so they double-click on the attachment and get this:

[Image: sample email zip attachment]

If they double-click on that important-looking ‘Reference.exe’ file, Windows Explorer will save the file to a temporary location and open it.

In this case, Reference.exe is the ‘Alot’ adware and would probably annoy you to no end.

But since we have ICE installed, this is what happened instead:

  1. The double-click on the attachment worked.
  2. But double-clicking on ‘Reference.exe’ resulted in this message, because ICE is preventing the .exe from being written to the hard drive:
     [Image: zip extract blocked failure]
  3. This is the activity that ICE recorded:
     [Image: ICE reporting on failed zip extraction]

My mother would have opened this email and I would be spending time cleaning it up.