[RndTbl] Fwd: Can a pdf file itself be malware Fwd: FW: remittance Message Payment Status Notification

Adam Thompson athompso at athompso.net
Wed Jan 19 10:10:07 CST 2022


You are correct, although getting your payload to be executed or even opened could be difficult, since AFAIK none of the apps that can read .docx (et al.) files will blindly read everything inside the ZIP container.
Every anti-malware engine I know of also knows how to detect zip files and scan inside them.
So it's still a useful vector in certain ways, but it's not the open door it once was.
-Adam

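As an added example (not from the thread or any of its participants), a Python triage script a defender can run over a suspicious attachment: it checks whether the file really is a ZIP container and then lists members that the package's own [Content_Types].xml does not declare, which is what a member added by "unzip, add, rezip" looks like. The sample document and its extra member are constructed inline.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

CT_NS = "{http://schemas.openxmlformats.org/package/2006/content-types}"

def build_sample_docx() -> bytes:
    """Constructed minimal OOXML-style container with one extra member that
    [Content_Types].xml does not declare (the 'unzip, add, rezip' case)."""
    types = (
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
        '<Default Extension="xml" ContentType="application/xml"/>'
        '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
        "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", types)
        z.writestr("_rels/.rels", "<Relationships/>")
        z.writestr("word/document.xml", "<document/>")
        z.writestr("word/media/extra.bin", b"constructed placeholder bytes")  # undeclared member
    return buf.getvalue()

def triage_ooxml(data: bytes) -> dict:
    """Report ZIP members the package itself does not declare, and member
    names that would be unsafe to extract (absolute or '..' paths)."""
    report = {"is_zip": False, "undeclared": [], "unsafe_names": []}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return report  # not a ZIP container at all (a genuine PDF lands here)
    report["is_zip"] = True
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        defaults, overrides = set(), set()
        if "[Content_Types].xml" in names:
            root = ET.fromstring(z.read("[Content_Types].xml"))
            defaults = {d.get("Extension", "").lower() for d in root.iter(CT_NS + "Default")}
            overrides = {o.get("PartName", "") for o in root.iter(CT_NS + "Override")}
        for name in names:
            if name.endswith("/") or name == "[Content_Types].xml":
                continue
            if name.startswith("/") or ".." in name.split("/"):
                report["unsafe_names"].append(name)
            base = name.rsplit("/", 1)[-1]  # handles dot-files such as _rels/.rels
            ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
            if "/" + name not in overrides and ext not in defaults:
                report["undeclared"].append(name)
    return report
```

A real .docx declares more Default extensions (png, jpeg and so on), so the script flags only members outside what the package itself claims to contain, and a genuine PDF is not a ZIP and comes back with is_zip set to False.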
________________________________
From: Roundtable <roundtable-bounces at muug.ca> on behalf of Bitters <bittercake2329 at gmail.com>
Sent: Wednesday, January 19, 2022 9:50:38 AM
To: Continuation of Round Table discussion <roundtable at muug.ca>
Subject: Re: [RndTbl] Fwd: Can a pdf file itself be malware Fwd: FW: remittance Message Payment Status Notification

Aren't most Word/PDF files just straight up a ZIP file? So you could easily unzip a word file. Upload your malware or whatever you have. Rezip the file and send it to your target or am I not remembering it correctly?

On Tue, Jan 18, 2022 at 9:17 PM Adam Thompson <athompso at athompso.net<mailto:athompso at athompso.net>> wrote:
Actually, I will make one comment about an obvious red flag: From: Accounting Clerk, but the email address is some random Gmail address?  That's a giant nope for me.  Instant delete.
-Adam

________________________________
From: Roundtable <roundtable-bounces at muug.ca<mailto:roundtable-bounces at muug.ca>> on behalf of eh at eduardhiebert.com<mailto:eh at eduardhiebert.com> <eh at eduardhiebert.com<mailto:eh at eduardhiebert.com>>
Sent: Tuesday, January 18, 2022 9:00:08 PM
To: roundtable at muug.ca<mailto:roundtable at muug.ca> <roundtable at muug.ca<mailto:roundtable at muug.ca>>
Subject: [RndTbl] Fwd: Can a pdf file itself be malware Fwd: FW: remittance Message Payment Status Notification


Hi,

This is likely phishing spam and passing around for further information.

Just opening an email without clicking on anything I understand can be
safe.

I would rather ask than be sorry. Is this also true of pdf files?

If someone can open it safely, I would like to have a sense of who is behind
this one.

Thanks,

Eduard


-------- Forwarded Message --------

Subject: FW: remittance Message Payment Status Notification
Date: Wed, 19 Jan 2022 06:15:45 +0800
From: Accounting Clerk <michaelgarnett1233 at gmail.com<mailto:michaelgarnett1233 at gmail.com>>

Hello,

Open Attached PDF to confirm remittance info.

TRYR GROUP ACCOUNT

Account clerk

11524 Scenic Hills Blvd

-------------------------
_______________________________________________
Roundtable mailing list
Roundtable at muug.ca<mailto:Roundtable at muug.ca>
https://muug.ca/mailman/listinfo/roundtable