Phishing link within a PDF file is not detected by Deep Discovery Analyzer (DDAN)

    • Updated: 3 Apr 2019
    • Product/Version: All; Deep Discovery Analyzer 5.All; Deep Discovery Analyzer 6.0; Deep Discovery Analyzer 6.1
    • Platform: N/A
Summary

A user may receive, through email, a PDF file that contains a malicious link asking for credentials. After the file is scanned with Deep Discovery Analyzer (DDAN), it passes as safe.

Details

Because the URL within the PDF file is trying to harvest credentials, it can be considered intelligence gathering rather than the dropping of malicious content. This is a phishing strategy used by possible attackers.

Unfortunately, we cannot sandbox a URL that displays a login page asking for credentials. This is not a sandboxing defense. The DDAN AI cannot enter an email address and password into a login page. Smart Protection Network will not be able to detect this URL, because it is not possible to source every potential phishing URL.

Web Reputation is not a filter. It is a cloud database that is queried by lookup and returns scores for URLs. Thus, an undetected phishing link within a PDF file attached to an email is normal.

For such a phishing link, file a threat case with Trend Micro Technical Support. The URL should be uploaded and classified as phishing. The Threat Team can check the URL further, and if a file is downloaded, a pattern-based detection will be created for Trend Micro products.
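To collect the URLs to upload in a threat case, the link targets can be read out of the PDF without opening it in a viewer. The following Python is an added example, not Trend Micro code: `extract_pdf_uris` and the sample PDF bytes are constructed for illustration, and it assumes the links are stored as `/URI` actions, either in plain objects or inside Flate-compressed streams.

```python
import re
import zlib

# /URI action value: a literal string (...) or a hex string <...>.
# Assumption: literal strings use backslash escapes, not nested bare parentheses.
_URI_RE = re.compile(
    rb"/URI\s*(?:\((?P<lit>(?:\\.|[^\\)])*)\)|<(?P<hex>[0-9A-Fa-f\s]*)>)", re.S)
_STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)


def extract_pdf_uris(data: bytes) -> list[str]:
    """Return unique link targets found in raw and Flate-compressed PDF objects."""
    chunks = [data]
    for m in _STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates the end-of-line bytes left before "endstream"
            chunks.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue  # not a Flate stream; its raw bytes were already scanned
    found = []
    for chunk in chunks:
        for m in _URI_RE.finditer(chunk):
            if m.group("lit") is not None:
                raw = re.sub(rb"\\([()\\])", rb"\1", m.group("lit"))
            else:
                digits = re.sub(rb"\s", b"", m.group("hex")).decode("ascii")
                if len(digits) % 2:
                    digits += "0"  # PDF pads an odd-length hex string with 0
                raw = bytes.fromhex(digits)
            uri = raw.decode("latin-1")
            if uri not in found:
                found.append(uri)
    return found


# Constructed sample: one plain link annotation, one link hidden in a compressed stream.
_HIDDEN = b"<< /S /URI /URI <" + b"https://mail.example.test/verify".hex().encode() + b"> >>"
SAMPLE_PDF = (
    b"%PDF-1.5\n1 0 obj\n<< /Type /Annot /Subtype /Link "
    b"/A << /S /URI /URI (https://portal.example.test/login\\(sso\\)) >> >>\nendobj\n"
    b"2 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(_HIDDEN) + b"\nendstream\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    for uri in extract_pdf_uris(SAMPLE_PDF):
        print(uri)
```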

 
Since DDAN 6.5 was released in March 2019, we now use (as part of WRS) an additional feature that performs dynamic real-time URL scanning in a cloud-based web sandbox to detect zero-day phishing attacks.

For more information, refer to the Deep Discovery Analyzer 6.5 Online Help page.

Category: Troubleshoot
Solution Id: 1122394