[RndTbl] Emotet Email = Hijack Email Threads as follow up to Re: Fwd: Can a pdf file itself be malware
eh at eduardhiebert.com
Tue Feb 22 10:08:04 CST 2022
An ounce of proactive prevention is worth many pounds of cure!
Today is the first time I have heard of the term "Emotet email", which hijacks
email threads and loads them with malware, especially Word and Excel files.
I had anticipated and guarded against this possibility simply by
not opening attachments, even from acquaintances, especially the routine
type who prefer aesthetics over safety.
European sites have stricter safety protocols but are not perfect. One
site suggested using haveibeenpwned.com/NotifyMe to verify whether Emotet
has your email address. On second thought, whether Emotet has one's email
address is almost irrelevant. What is important is whether they have hacked
one's account. Is this worth checking out by anyone who can do so safely?
For reference, please see:
Dangerous Trojan: How to check whether Emotet had your ...
https://www.t-online.de › digital › internet › id_89956954 ›
"How to check whether Emotet had your email address. And this is how
you can check whether your email address appears in the list: 1. Go to
the website "haveibeenpwned.com/NotifyMe". Enter..."
More importantly, there are reputable software download sites. In a
similar vein, are there safe-practice sites which would help verify whether a
site is clean or not? Sometimes good sites are simply not up to
date, and Firefox, for example, makes no further distinctions.
-------- Original Message --------
Subject: Re: [RndTbl] Fwd: Can a pdf file itself be malware
Date: 2022-01-20 19:26
From: eh at eduardhiebert.com
To: Continuation of Round Table discussion <roundtable at muug.ca>
Reply-To: Continuation of Round Table discussion <roundtable at muug.ca>
Bringing this to a conclusion, what a breadth of helpful information!
I can now clearly, and more knowingly, be safer, and my thanks to all who
I will be putting this to more use among my contacts, minus the names
I advance one caveat. With the ongoing advancements in technology and means over
time, one growing vulnerability may arise: email attachments, even
when expected from known contacts, may not always be safe, because with
more smarts, the contacts could be breached and the bad actors then lie in wait
until the parties' collaboration practices, once identified,
become potential risk exposure events.
Oh, and one last thing, if someone knows why and how to undo it. I copied
and pasted several as per below, but Bitters would not copy/paste unless
I did it paragraph by paragraph.
Seems to have a hyperlink inside the PDF that actually leads you to the
malicious software. So maybe that's one way it gets past virus
detection. It relies on the user to grab a secondary file from the
hyperlink. I might set up a VM later and see where the rabbit hole
leads. Most likely a keylogger if anything at all.
Checked out the link. It's one of the worst fake logins I have ever seen.
On 19/01/2022 12:57 PM, John Lange wrote:
> Ok, so it turns out it is a straight up credential stealing phish
> attack. It's a link to a website that links to another website with a
> fake o365 login. Since there is no executable it escapes malware
> detection. I would still have thought it would get black-listed based
> on the URL in the PDF but I guess that shows how weak standard
> filtering is. I suspect the PDF in the URL is uniquely generated for
> each email attachment so it can't be easily black-listed.
> On 18/01/2022 9:15 PM, Adam Thompson wrote:
>> PDF files can be malicious. There have been several PDF zero-day flaws
>> in the past; there could be more to come.
>> No attachment is safe like opening an email... and if you talk to
>> security experts, they can come up with examples of how just opening
>> an email can be a problem, too.
>> General rule of thumb: do not open any attachments, ever. The
>> exception is if you know the sender and are expecting an attachment
>> from them.
>> If you must open an unknown attachment (and do not have a sandboxed
>> system where you can do so safely), save it first, make sure it gets
>> or automatically got scanned, then open it.
On 19/01/2022 6:45 PM, Brian Lowe wrote:
> This is from the abstract of a paper published by the IEEE in 2014:
> An emerging threat vector, embedded malware inside popular document
> formats, has become rampant since 2008. Owed to its wide-spread use and
> embedded exploits. Unfortunately, existing defenses are limited in
> effectiveness, vulnerable to evasion, or computationally expensive to
> be employed as an on-line protection system. In this paper, we propose
> a context-aware approach for detection and confinement of malicious
Paper (ironically, a PDF) at
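The attachment John describes above (a PDF with no executable in it, just a link that leads to a fake login page) can be checked statically, without opening it in a viewer. What follows is an added example, not code from any poster on this thread or from the IEEE paper. It builds a constructed one-page PDF carrying a /Link annotation whose /URI action points at a hypothetical host (a reserved .invalid name chosen for the example), then shows that a grep of the raw bytes for the URL, which is roughly what "standard filtering" does, finds it only while the annotation object is stored in plain text. Once the same object is put inside a FlateDecode-compressed object stream, the ordinary layout for modern PDF writers, only a scanner that inflates the streams still sees it, which is one concrete form of the "vulnerable to evasion" point in the abstract. All URLs, function names and the allowlist are this example's own assumptions; only the Python standard library is used.

```python
"""Pull /URI link targets out of a PDF without rendering it (standard library only).

Added example for this thread; it is not code from any poster. The PDF it
scans is constructed below: one page, one /Link annotation whose /A action
is a /URI pointing at a hypothetical phishing host (a reserved .invalid name).
"""
import re
import zlib
from urllib.parse import urlparse

# Hypothetical target URL, chosen for the example; not taken from the thread.
PHISH_URL = b"http://login-portal.example.invalid/o365"


def build_pdf(compress_objects: bool) -> bytes:
    """Return a minimal PDF carrying a /Link annotation with a /URI action.

    compress_objects=False stores the annotation dictionary in plain text.
    compress_objects=True stores it inside a FlateDecode-compressed object
    stream (/Type /ObjStm), the normal layout for a PDF 1.5+ writer, which a
    raw byte search for "/URI" can no longer see. No xref table is written;
    the output is meant for the scanners below, not for a viewer.
    """
    annot = (b"<< /Type /Annot /Subtype /Link /Rect [72 700 300 720] "
             b"/A << /S /URI /URI (" + PHISH_URL + b") >> >>")
    objects = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R] >>",
    ]
    out = bytearray(b"%PDF-1.5\n")
    for num, body in enumerate(objects, start=1):
        out += b"%d 0 obj\n%s\nendobj\n" % (num, body)
    if not compress_objects:
        out += b"4 0 obj\n" + annot + b"\nendobj\n"
    else:
        # Object stream layout: "objnum offset" pairs, then the objects; /First
        # is the byte offset of the first object inside the decoded stream.
        header = b"4 0 "
        packed = zlib.compress(header + annot)
        out += (b"5 0 obj\n<< /Type /ObjStm /N 1 /First %d /Length %d "
                b"/Filter /FlateDecode >>\nstream\n" % (len(header), len(packed)))
        out += packed + b"\nendstream\nendobj\n"
    out += b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
    return bytes(out)


# A /URI action written as a literal string: /URI (http://...). Hex strings
# <...> and escaped parentheses inside the literal are not handled here.
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
# A stream dictionary: its /Length, the closing >>, then the "stream" keyword.
STREAM_RE = re.compile(rb"/Length\s+(\d+)[^>]*>>\s*stream\r?\n")


def uris_plain_scan(pdf: bytes) -> list:
    """The 'standard filter' view: grep the raw bytes for /URI actions."""
    return [m.group(1) for m in URI_RE.finditer(pdf)]


def uris_deep_scan(pdf: bytes) -> list:
    """Also inflate every FlateDecode stream and grep the decoded bytes."""
    found = uris_plain_scan(pdf)
    for m in STREAM_RE.finditer(pdf):
        raw = pdf[m.end():m.end() + int(m.group(1))]
        try:
            decoded = zlib.decompress(raw)
        except zlib.error:
            continue  # not Flate data (image, font, another filter); skip it
        found.extend(uris_plain_scan(decoded))
    return found


def untrusted_link_hosts(pdf: bytes, trusted_hosts: set) -> list:
    """Hosts of link targets that are not on the caller's allowlist: the
    URL-based decision a mail filter could make before anyone clicks."""
    hosts = []
    for uri in uris_deep_scan(pdf):
        host = urlparse(uri.decode("latin-1")).hostname or ""
        if host not in trusted_hosts:
            hosts.append(host)
    return hosts


if __name__ == "__main__":
    for compressed in (False, True):
        sample = build_pdf(compressed)
        print("compressed=%s plain=%s deep=%s" % (
            compressed, uris_plain_scan(sample), uris_deep_scan(sample)))
```

Run as a script it prints both scans for both layouts; the plain scan of the compressed file comes back empty while the deep scan still returns the link. A real filter has more to cover than this toy does: hex-encoded strings, other stream filters, encrypted documents, and /Launch, /JavaScript or /GoToR actions that never use /URI at all, plus the point John makes that a per-recipient generated PDF gives a hash-based blocklist nothing stable to match. Extracting and checking the link target itself, as above, is the part that survives that.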
Roundtable mailing list
Roundtable at muug.ca
More information about the Roundtable