[RndTbl] Fwd: Can a pdf file itself be malware Fwd: FW: remittance Message Payment Status Notification

John Lange john at johnlange.ca
Wed Jan 19 12:57:25 CST 2022


Ok, so it turns out it is a straight up credential stealing phish
attack. It's a link to a website that links to another website with a fake
o365 login. Since there is no executable it escapes malware detection. I
would still have thought it would get black-listed based on the URL in the
PDF but I guess that shows how weak standard filtering is. I suspect the
PDF in the URL is uniquely generated for each email attachment so it can't
be easily black-listed.

John


On Wed, Jan 19, 2022 at 12:19 PM Gilbert E. Detillieux <
gedetil at cs.umanitoba.ca> wrote:

> On 2022-01-19 12:04 p.m., eh at eduardhiebert.com wrote:
> > Lastly, forgive my lack of knowing, what does "zero-day attack" mean?
>
> Essentially, an attack that exploits a brand-new vulnerability, either
> before it has been disclosed, or on the day of disclosure (hence 0-day).
>   The key point being that it's a vulnerability for which there likely
> is not yet an update, patch, or even a mitigation strategy.
>
> See also:
>
> https://en.wikipedia.org/wiki/Zero-day_(computing)
>
> Gilbert
>
> --
> Gilbert E. Detillieux        E-mail:  <gedetil at cs.umanitoba.ca>
> Dept. of Computer Science    Web:     http://cs.umanitoba.ca/~gedetil/
> University of Manitoba
> Winnipeg MB CANADA  R3T 2N2


-- 
John Lange
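
For triage of an attachment like the one described in this message, the link targets can be listed from the PDF bytes without opening the file in a viewer. The sketch below is an added example, not part of the original thread; the function name `pdf_link_report` and the sample bytes are constructed for illustration, and it only handles literal-string `/URI` values in plain or Flate-compressed objects.

```python
import re
import zlib
from urllib.parse import urlparse

# /URI action target written as a PDF literal string: /URI (https://...)
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\()])*)\)")
# Stream bodies; object streams (/ObjStm) can hold compressed link annotations
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
# Keys a scanner looking for active content would key on
ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/Launch", b"/EmbeddedFile")


def pdf_link_report(data: bytes) -> dict:
    """List link targets and active-content keys found in raw PDF bytes."""
    bodies = [data]
    for m in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates the end-of-line bytes before 'endstream'
            bodies.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue  # not a Flate stream (image data, other filters)
    urls = []
    for body in bodies:
        for m in URI_RE.finditer(body):
            # Undo the \( \) \\ escapes; other escapes are left as written
            url = re.sub(rb"\\([()\\])", rb"\1", m.group(1)).decode("latin-1")
            if url not in urls:
                urls.append(url)
    hosts = sorted({h for h in (urlparse(u).hostname for u in urls) if h})
    active = [k.decode() for k in ACTIVE_KEYS if any(k in b for b in bodies)]
    return {"urls": urls, "hosts": hosts, "active": active}


# Constructed sample: a PDF fragment with one plain link annotation and one
# inside a Flate-compressed object stream. Hosts are reserved example names.
SAMPLE = (
    b"%PDF-1.5\n1 0 obj\n<< /Type /Annot /Subtype /Link "
    b"/A << /S /URI /URI (https://files.example.test/view?id=abc123) >> >>\n"
    b"endobj\n2 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(b"<< /A << /S /URI /URI (https://login.example.net/o365) >> >>")
    + b"\nendstream\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    print(pdf_link_report(SAMPLE))
```

An empty `active` list alongside a non-empty `urls` list is the pattern the message describes: nothing executable for a malware scanner to flag, only hosts that need a reputation check.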