[RndTbl] Fwd: Can a pdf file itself be malware Fwd: FW: remittance Message Payment Status Notification

J. King jking at jkingweb.ca
Wed Jan 19 11:22:27 CST 2022


On Wed, 2022-01-19 at 10:39 -0600, John Lange wrote:
> For what it's worth, I downloaded this file and scanned it with
> Windows Defender and it came back clean. I also uploaded it to a
> (free) 3rd party malware detection site which reported "No security
> vendors and no sandboxes flagged this file as malicious". So it
> appears it is just a normal phishing attack and not a malware attack.
> That being said, since it is so obviously a phish, there is no reason
> to actually open it, which puts you at risk of some zero-day attack.
> 
> I'm actually amazed the original post didn't get caught in spam
> filters.

If you're referring to the message Eduard sent to the list, it's not
that surprising. These days spam filters mostly rely on sender
reputation and authentication, and the message looking like what it
claims to be structurally; analysis of the text content of the message
is an unreliable indicator, though it can tip the scales when other red
flags are present. Eduard's having forwarded the spammy message (and
then the list doing likewise) destroyed both the original sender
information and the original structure, so it looks like what it is: a
legitimate user sending a legitimate message through a legitimate
mailing list.

According to the header of what I received on my end, both MUUG's MTA
and my own barely found it spammy. It seems they were only suspicious
at all because there was no authentication information (SPF, DKIM,
DMARC, ARC) attributable to Eduard's message.

-- 
J. King <jking at jkingweb.ca>
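As an added illustration of the point above (not code from the thread or from anyone on the list): a small Python checker that reads a message's Authentication-Results headers (RFC 8601) and reports which of SPF, DKIM and DMARC passed for a domain aligned with the visible From address, i.e. the authentication actually attributable to the apparent sender. Both sample messages are constructed; the addresses, domains, host names and DKIM selector are placeholders.

```python
import email
from email import policy

# Constructed sample messages (not from the thread): the phish as a receiving
# MTA might see it directly, and the same text after a list member forwards it.
DIRECT_RAW = """From: "Accounts" <payments@remittance.example>
Subject: remittance Message Payment Status Notification
Authentication-Results: mx.example.net; spf=none smtp.mailfrom=remittance.example; dkim=none; dmarc=none header.from=remittance.example

Please see the attached remittance.
"""
FORWARDED_RAW = """From: eduard@example.net
Subject: Fwd: FW: remittance Message Payment Status Notification
Authentication-Results: lists.example.org; spf=pass smtp.mailfrom=example.net; dkim=pass header.d=example.net header.s=sel1; dmarc=pass header.from=example.net

---------- Forwarded message ----------
Please see the attached remittance.
"""

def parse_auth_results(msg):
    """Flatten every Authentication-Results header into dicts of method/result plus ptype.prop pairs."""
    results = []
    for hdr in msg.get_all("Authentication-Results", []):
        for resinfo in str(hdr).split(";")[1:]:  # [0] is the authserv-id
            tokens = resinfo.split()
            if not tokens or "=" not in tokens[0]:
                continue
            method, result = tokens[0].split("=", 1)
            entry = {"method": method.lower(), "result": result.lower()}
            for tok in tokens[1:]:
                if "=" in tok:
                    key, value = tok.split("=", 1)
                    entry[key.lower()] = value
            results.append(entry)
    return results

# The property that names the domain each method actually authenticated.
DOMAIN_PROP = {"spf": "smtp.mailfrom", "dkim": "header.d", "dmarc": "header.from"}

def aligned_passes(raw):
    """Methods that passed for a domain aligned (equal or subdomain) with the visible From: domain."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_domain = msg["From"].addresses[0].domain.lower()
    aligned = set()
    for r in parse_auth_results(msg):
        domain = r.get(DOMAIN_PROP.get(r["method"], ""), "").lower()
        if r["result"] == "pass" and (domain == from_domain or domain.endswith("." + from_domain)):
            aligned.add(r["method"])
    return aligned
```

Against the direct copy the checker returns an empty set (nothing vouches for the claimed remittance sender); against the forwarded copy it returns SPF, DKIM and DMARC passes for the forwarder's domain, which is all a list MTA gets to see once the original envelope and headers are gone.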

