[RndTbl] Fwd: Can a pdf file itself be maleware Fwd: FW: remittance Message Payment Status Notification

John Lange john at johnlange.ca
Wed Jan 19 10:39:50 CST 2022


For what it's worth, I downloaded this file and scanned it with Windows
Defender and it came back clean. I also uploaded it to a (free) 3rd party
malware detection site which reported "No security vendors and no sandboxes
flagged this file as malicious". So it appears it is just a normal phishing
attack and not a malware attack. That being said, since it is so obviously
a phish, there is no reason to actually open it which puts you at risk of
some zero-day attack.

I'm actually amazed the original post didn't get caught in spam filters.

John

On Wed, Jan 19, 2022 at 10:11 AM Adam Thompson <athompso at athompso.net>
wrote:

> You are correct, although getting your payload to be executed or even opened
> could be difficult, since AFAIK none of the apps that can read .docx (et
> al.) files will blindly read everything inside the ZIP container.
> Every anti-malware engine I know of also knows how to detect zip files and
> scan inside them.
> So it's still a useful vector in certain ways, but it's not the open door it
> once was.
> -Adam
>
> Get Outlook for Android <https://aka.ms/AAb9ysg>
> ------------------------------
> *From:* Roundtable <roundtable-bounces at muug.ca> on behalf of Bitters <
> bittercake2329 at gmail.com>
> *Sent:* Wednesday, January 19, 2022 9:50:38 AM
> *To:* Continuation of Round Table discussion <roundtable at muug.ca>
> *Subject:* Re: [RndTbl] Fwd: Can a pdf file itself be maleware Fwd: FW:
> remittance Message Payment Status Notification
>
> Aren't most Word/PDF files just straight up a ZIP file? So you could
> easily unzip a word file. Upload your malware or whatever you have. Rezip
> the file and send it to your target or am I not remembering it correctly?
>
> On Tue, Jan 18, 2022 at 9:17 PM Adam Thompson <athompso at athompso.net>
> wrote:
>
> Actually, I will make one comment about an obvious red flag: From:
> Accounting Clerk, but the email address is some random Gmail address?
> That's a giant nope for me.  Instant delete.
> -Adam
>
> Get Outlook for Android <https://aka.ms/AAb9ysg>
> ------------------------------
> *From:* Roundtable <roundtable-bounces at muug.ca> on behalf of
> eh at eduardhiebert.com <eh at eduardhiebert.com>
> *Sent:* Tuesday, January 18, 2022 9:00:08 PM
> *To:* roundtable at muug.ca <roundtable at muug.ca>
> *Subject:* [RndTbl] Fwd: Can a pdf file itself be maleware Fwd: FW:
> remittance Message Payment Status Notification
>
>
> Hi,
>
> This is likely phishing spam, and I am passing it around for further information.
>
> Just opening an email without clicking on anything, I understand, can be
> safe.
>
> I would rather ask than be sorry. Is this also true of PDF files?
>
> If someone can open it safely, I would like to have a sense of who is behind
> this one.
>
> Thanks,
>
> Eduard
>
>
> -------- Forwarded Message --------
>
> SUBJECT: FW: remittance Message Payment Status Notification
>
> DATE: Wed, 19 Jan 2022 06:15:45 +0800
>
> FROM: Accounting Clerk <michaelgarnett1233 at gmail.com>
>
> Hello,
>
> Open Attached PDF to confirm remittance info.
>
> TRYR GROUP ACCOUNT
>
> Account clerk
>
> 11524 Scenic Hills Blvd
>
> -------------------------
> _______________________________________________
> Roundtable mailing list
> Roundtable at muug.ca
> https://muug.ca/mailman/listinfo/roundtable
>
>


-- 
John Lange
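The two triage checks the thread circles around (is there anything foreign inside the .docx ZIP container, and does the PDF do anything on open) can be done without opening either file in its viewer. The script below is an added example written for this thread, not code from any of the posters; it builds a constructed minimal Word package and a constructed PDF in memory (no attachment from the thread is used), and the member name `word/media/invoice.exe`, the extension list and the set of PDF names it looks for are illustrative choices, not a complete signature set.

```python
"""Static triage of a suspicious .docx (a ZIP container) and .pdf before anyone opens them.

Added example for this thread, not code from any poster. Both inputs are
constructed in memory; no attachment from the thread is used. It shows:
  1. listing every member of an OOXML ZIP and flagging members that the
     package's [Content_Types].xml does not account for, or that carry an
     executable/script extension (the "unzip, add a payload, rezip" case);
  2. scanning raw PDF bytes for names that make a viewer run code or drop a
     file on open (/OpenAction, /AA, /JavaScript, /JS, /Launch, /EmbeddedFile),
     after undoing #xx name escapes that are often used to hide them.
"""
import io
import re
import zipfile

# Illustrative lists (assumptions), not a complete signature set.
SUSPICIOUS_EXT = {"exe", "dll", "scr", "js", "vbs", "ps1", "bat", "cmd", "hta", "jar", "lnk"}
PDF_RISKY = [b"/OpenAction", b"/AA", b"/JavaScript", b"/JS", b"/Launch", b"/EmbeddedFile"]

# Constructed minimal Word package: only the parts needed to open a blank document.
CONTENT_TYPES = b"""<?xml version="1.0" encoding="UTF-8"?>
<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">
  <Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>
  <Default Extension="xml" ContentType="application/xml"/>
  <Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>
</Types>"""
RELS = b"""<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
  <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/>
</Relationships>"""
DOCUMENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"><w:body/></w:document>"""

# Constructed PDF whose catalog auto-runs a JavaScript action; "/J#53" is "/JS" with a hex escape.
PDF_SAMPLE = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /S /JavaScript /J#53 (app.alert('constructed sample')) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""


def build_sample_docx(extra_member=None):
    """Build the constructed docx, optionally smuggling in (name, bytes) as an extra ZIP member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", CONTENT_TYPES)
        zf.writestr("_rels/.rels", RELS)
        zf.writestr("word/document.xml", DOCUMENT)
        if extra_member:
            zf.writestr(*extra_member)
    return buf.getvalue()


def audit_docx(data):
    """Return [(member, reason), ...] for ZIP members that do not belong to the OOXML package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        declared_ext, declared_parts = set(), set()
        if "[Content_Types].xml" in names:
            ct = zf.read("[Content_Types].xml")
            declared_ext = {e.lower() for e in re.findall(rb'Extension="([^"]+)"', ct)}
            declared_parts = set(re.findall(rb'PartName="([^"]+)"', ct))
        else:
            findings.append(("[Content_Types].xml", "missing; not a valid OOXML package"))
        for name in names:
            if name == "[Content_Types].xml":
                continue
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if ext in SUSPICIOUS_EXT:
                findings.append((name, "executable/script extension inside the container"))
            if ext.encode() not in declared_ext and ("/" + name).encode() not in declared_parts:
                findings.append((name, "not declared in [Content_Types].xml (foreign member)"))
    return findings


def audit_pdf(data):
    """Count names that trigger actions on open, after decoding /Na#6De hex escapes.

    Caveat: names inside compressed object streams are not inflated here;
    a real PDF parser is needed for those.
    """
    decoded = re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)
    counts = {}
    for name in PDF_RISKY:
        n = len(re.findall(re.escape(name) + rb"(?![A-Za-z])", decoded))
        if n:
            counts[name.decode()] = n
    return counts


if __name__ == "__main__":
    smuggled = build_sample_docx(("word/media/invoice.exe", b"MZ\x90\x00 constructed, not a real binary"))
    for member, reason in audit_docx(smuggled):
        print(f"docx: {member}: {reason}")
    print("pdf:", audit_pdf(PDF_SAMPLE))
```

The docx check is the analyst's side of Adam's point: a stray member that the package manifest never declares is inert to Word but is exactly what a scanner that looks inside ZIPs will find. The PDF check is a first pass only; a file that keeps its action dictionaries inside compressed object streams needs a proper parser, and a clean result here is no reason to open an obvious phish.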

