Hi All,
Bringing this to a conclusion, what a breadth of helpful information!
I can now, more knowingly, be safer, and my thanks to all who replied!
I will be putting this to more use among my contacts, minus the names.
I advance one caveat. With the ongoing tech and means advancements over time, one growing vulnerability may arise: email attachments, even when expected from known contacts, may not always be safe, because with more smarts they could be breached, and the bad actors then lie in wait until the parties base their collaboration practices on them; once identified, these then become potential risk exposure events.
Oh? And one last thing if someone knows why and how to undo. I copied and pasted several as per below, but Bitters would not copy/paste unless I did it paragraph by paragraph.
Best!
Eduard
Bitters wrote: Seems to have a hyperlink inside the PDF that actually leads you to the malicious software. So maybe that's one way it gets past virus detection. It relies on the user to grab a secondary file from the hyperlink. I might set up a VM later and see where the rabbit hole leads. Most likely a keylogger if anything at all.
Checked out the link. It's one of the worst fake logins I have ever seen
On 19/01/2022 12:57 PM, John Lange wrote:
Ok, so it turns out it is a straight up credential stealing phish attack. It's a link to a website that links to another website with a fake o365 login. Since there is no executable it escapes malware detection. I would still have thought it would get black-listed based on the URL in the PDF but I guess that shows how weak standard filtering is. I suspect the PDF in the URL is uniquely generated for each email attachment so it can't be easily black-listed.
John
On 18/01/2022 9:15 PM, Adam Thompson wrote:
PDF files can be malicious; there have been several PDF zero-day flaws in the past, and there could be more to come.
No attachment is safe, like opening an email... and if you talk to security experts, they can come up with examples of how just opening an email can be a problem, too.
General rule of thumb: do not open any attachments, ever. The exception is if you know the sender and are expecting an attachment from them. If you must open an unknown attachment (and do not have a sandboxed system where you can do so safely), save it first, make sure it gets or automatically got scanned, then open it.
-Adam
On 19/01/2022 6:45 PM, Brian Lowe wrote:
In addition to rendering flaws, PDFs can have embedded JavaScript. This is from the abstract of a paper published by the IEEE in 2014:
An emerging threat vector, embedded malware inside popular document formats, has become rampant since 2008. Owed to its wide-spread use and JavaScript support, PDF has been the primary vehicle for delivering embedded exploits. Unfortunately, existing defenses are limited in effectiveness, vulnerable to evasion, or computationally expensive to be employed as an on-line protection system. In this paper, we propose a context-aware approach for detection and confinement of malicious JavaScript in PDF.
https://ieeexplore.ieee.org/document/6903571
Paper (ironically, a PDF) at https://www.eecis.udel.edu/~dpliu/papers/dsn14.pdf.
Brian
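The thread makes two separate points about PDF attachments: Adam's advice to scan a saved attachment before opening it, and Brian's and John's observations that the risk may be embedded JavaScript or simply an external link to a fake login page that no executable-based scanner will flag. The following script is an added example, not code from anyone in the thread or from the cited paper. It does a dependency-free static triage of a PDF: it decodes the `#xx` name escapes that are sometimes used to hide tokens, counts active-content names (`/JavaScript`, `/JS`, `/OpenAction`, `/AA`, `/Launch`, `/EmbeddedFile`), pulls out `/URI` targets so they can be checked against a URL reputation list, and notes when the file uses compressed or object streams that a raw keyword scan cannot see into. The two sample PDFs and the hostnames in them are constructed for the example.

```python
"""Static triage of a PDF attachment: flag active content and list external links.

Keyword-level check with no dependencies; it never opens the file in a viewer.
Added example, not code from the mailing-list thread or the cited paper.
"""
import re
from typing import Dict, List

# Name tokens that indicate active content (risky even when no executable is present).
ACTIVE_CONTENT = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile"]
# Tokens meaning parts of the file may be compressed or packed into object streams,
# where a raw keyword scan cannot see them and a real parser is needed.
PACKING = [b"/ObjStm", b"/FlateDecode"]

# Constructed sample (not from the thread): a catalog whose /OpenAction runs embedded
# JavaScript (with the name obfuscated as /J#61vaScript) plus a link annotation.
SAMPLE_ACTIVE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20]
           /A << /S /URI /URI (http://login-example.invalid/o365) >> >> endobj
5 0 obj << /S /J#61vaScript /JS (app.alert('hello');) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed sample: no active content, only an external link (the phishing-PDF shape).
SAMPLE_LINK_ONLY_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://example.invalid/doc) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes so an obfuscated name such as /J#61vaScript reads /JavaScript.

    The PDF spec allows these escapes in names. This also rewrites '#xx' inside
    string literals, which is harmless for triage purposes.
    """
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)


def count_token(data: bytes, token: bytes) -> int:
    """Count a name token; the lookahead stops /JS from matching inside /JavaScript."""
    return len(re.findall(re.escape(token) + rb"(?![A-Za-z0-9_])", data))


def extract_uris(data: bytes) -> List[str]:
    """Collect the targets of /URI (...) entries for a URL reputation check."""
    return [u.decode("latin-1") for u in re.findall(rb"/URI\s*\(([^)]*)\)", data)]


def scan_pdf(data: bytes) -> Dict[str, object]:
    """Return indicator counts, external URIs, a packing flag and a coarse risk label."""
    data = normalize_names(data)
    indicators = {t.decode(): count_token(data, t) for t in ACTIVE_CONTENT}
    uris = extract_uris(data)
    needs_full_parse = any(count_token(data, t) for t in PACKING)
    if any(indicators.values()):
        risk = "active-content"      # JavaScript, auto-run or launch actions, embedded files
    elif uris:
        risk = "external-links"      # nothing executable; the link itself is the payload
    else:
        risk = "none"
    return {"indicators": indicators, "uris": uris,
            "needs_full_parse": needs_full_parse, "risk": risk}


if __name__ == "__main__":
    for name, blob in (("active", SAMPLE_ACTIVE_PDF), ("link-only", SAMPLE_LINK_ONLY_PDF)):
        print(name, scan_pdf(blob))
```

A `needs_full_parse` of true means the verdict is incomplete: content inside `/FlateDecode` streams or `/ObjStm` object streams has to be decompressed with a proper PDF parser before the same keyword checks are meaningful. The "external-links" label is the case John describes; it is not malware by the scanner's definition, so the extracted URIs are what you feed to a URL blocklist or reputation service.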