An ounce of proactive prevention is worth many pounds of cure!
Today is the first time I heard of the term Emotet email, which hijacks email threads and loads them with malware, especially Word and Excel documents.
I have anticipated and guarded against this potential concept simply by not opening attachments, even from acquaintances, especially the routine type which prefers aesthetics over safety.
European sites have stricter safety protocols but are not perfect. One site suggested using haveibeenpwned.com/NotifyMe to verify if Emotet has your email address. On second thought, whether Emotet has one's email address is almost irrelevant. What is important is whether they have hacked one's account. Is this worth checking out by anyone who can do so safely? For reference please see
Dangerous Trojan: how to check whether Emotet had your ... https://www.t-online.de/digital/internet/id_89956954/gefaehrlicher-trojaner-so-ueberpruefen-sie-ob-emotet-ihre-mailadresse-hatte.html How to check whether Emotet had your email address. And here is how you can check whether your email address appears in the list: 1. Go to the website "haveibeenpwned.com/NotifyMe". Enter...
More importantly, there are reputable software download sites. In a similar vein, are there safe-practice sites which would help verify whether a site is clean or not? Sometimes good sites are simply not up to date, and Firefox, for example, makes no further distinctions.
Eduard
-------- Original Message --------
Subject: Re: [RndTbl] Fwd: Can a pdf file itself be malware
Date: 2022-01-20 19:26
From: eh@eduardhiebert.com
To: Continuation of Round Table discussion roundtable@muug.ca
Reply-To: Continuation of Round Table discussion roundtable@muug.ca
Hi All,
Bringing this to a conclusion, what a breadth of helpful information!
I can now, more knowingly, be safer, and my thanks to all who replied!
I will be putting this to more use among my contacts, minus the names.
I advance one caveat. With the ongoing tech and means advancements over time, one growing vulnerability may arise: email attachments, even when expected from known contacts, may not always be safe, because, with more smarts, they could be breached, and the bad actors then lie in wait until the parties' collaboration practices, once identified, become potential risk exposure events.
Oh, and one last thing, if someone knows why and how to undo it. I copied and pasted several as per below, but Bitters' message would not copy/paste unless I did it paragraph by paragraph.
Best!
Eduard
Bitters wrote: Seems to have a hyperlink inside the PDF that actually leads you to the malicious software. So maybe that's one way it gets past virus detection: it relies on the user to grab a secondary file from the hyperlink. I might set up a VM later and see where the rabbit hole leads. Most likely a keylogger, if anything at all.
Checked out the link. It's one of the worst fake logins I have ever seen.
On 19/01/2022 12:57 PM, John Lange wrote:
Ok, so it turns out it is a straight-up credential-stealing phish attack. It's a link to a website that links to another website with a fake O365 login. Since there is no executable, it escapes malware detection. I would still have thought it would get black-listed based on the URL in the PDF, but I guess that shows how weak standard filtering is. I suspect the PDF in the URL is uniquely generated for each email attachment so it can't be easily black-listed.
John
On 18/01/2022 9:15 PM, Adam Thompson wrote:
PDF files can be malicious.
There have been several PDF zero-day flaws in the past; there could be more to come.
No attachment is safe, just like opening an email... and if you talk to security experts, they can come up with examples of how just opening an email can be a problem, too.
General rule of thumb: do not open any attachments, ever. The exception is if you know the sender and are expecting an attachment from them. If you must open an unknown attachment (and do not have a sandboxed system where you can do so safely), save it first, make sure it gets, or automatically got, scanned, then open it.
-Adam
On 19/01/2022 6:45 PM, Brian Lowe wrote:
In addition to rendering flaws, PDFs can have embedded JavaScript. This is from the abstract of a paper published by the IEEE in 2014:
An emerging threat vector, embedded malware inside popular document formats, has become rampant since 2008. Owed to its wide-spread use and JavaScript support, PDF has been the primary vehicle for delivering embedded exploits. Unfortunately, existing defenses are limited in effectiveness, vulnerable to evasion, or computationally expensive to be employed as an on-line protection system. In this paper, we propose a context-aware approach for detection and confinement of malicious JavaScript in PDF.
https://ieeexplore.ieee.org/document/6903571
Paper (ironically, a PDF) at https://www.eecis.udel.edu/~dpliu/papers/dsn14.pdf.
Brian
_______________________________________________
Roundtable mailing list
Roundtable@muug.ca
https://muug.ca/mailman/listinfo/roundtable
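Two points in the thread lend themselves to a concrete check: John Lange's PDF that carried nothing but a hyperlink to a fake O365 login page, and Brian Lowe's note that PDFs can carry embedded JavaScript. The Python script below is an added example, not code from anyone on the list or from the cited paper. It scans a PDF's raw bytes for link targets (/URI) and active-content keys (/JavaScript, /JS, /OpenAction, /AA, /Launch, /EmbeddedFile, /RichMedia, /SubmitForm), normalising the two things that defeat a naive grep: hex-escaped names (/J#61vaScript) and dictionaries hidden inside Flate-compressed object streams. It then separates "links out to a web page" (John's case, where URL reputation is the only lever) from "runs code when opened" (Brian's case). The sample PDF it builds is constructed inline for the demonstration; the URL example.invalid is a placeholder, not a real phishing site.

```python
import re
import zlib
from dataclasses import dataclass, field

# Dictionary keys that mean "this document does something" rather than
# "this document shows something". A plain text-and-fonts PDF has none.
ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA",
               b"/Launch", b"/EmbeddedFile", b"/RichMedia", b"/SubmitForm")
LINK_KEYS = (b"/URI",)


def decode_name_escapes(data: bytes) -> bytes:
    """PDF names may hex-escape any character (/J#61vaScript == /JavaScript).
    Malicious files use this to dodge grep-style scanners, so normalise first."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> list[bytes]:
    """Decompress every /FlateDecode stream so keys hidden inside compressed
    object streams (/ObjStm) become visible. Other filters are not handled."""
    out = []
    for m in re.finditer(rb"(?<!end)stream\r?\n", data):
        end = data.find(b"endstream", m.end())
        if end < 0:
            break
        # Approximation: the stream dictionary is assumed to sit within the
        # preceding 512 bytes; a full parser would resolve it exactly.
        if b"/FlateDecode" not in data[max(0, m.start() - 512):m.start()]:
            continue
        try:
            # decompressobj tolerates the EOL before 'endstream' and returns
            # partial output for a truncated stream instead of raising.
            out.append(zlib.decompressobj().decompress(data[m.end():end]))
        except zlib.error:
            continue  # corrupt stream: nothing to recover
    return out


@dataclass
class Findings:
    counts: dict = field(default_factory=dict)   # key -> occurrences
    uris: list = field(default_factory=list)     # literal-string link targets
    decoded_streams: int = 0

    @property
    def active_content(self) -> bool:
        return any(k in self.counts for k in ACTIVE_KEYS)


def scan_pdf(data: bytes) -> Findings:
    layers = [data] + inflate_streams(data)
    norm = decode_name_escapes(b"\n".join(layers))
    f = Findings(decoded_streams=len(layers) - 1)
    for key in ACTIVE_KEYS + LINK_KEYS:
        # A name ends at the next delimiter: /JS must not match /JSX.
        n = len(re.findall(re.escape(key) + rb"(?![A-Za-z0-9_])", norm))
        if n:
            f.counts[key] = n
    # Literal-string targets only: /URI (http...). The hex-string form <...>
    # is not decoded here.
    for u in re.findall(rb"/URI\s*\((.*?)(?<!\\)\)", norm, re.S):
        f.uris.append(u.decode("latin-1"))
    return f


def build_sample_pdf() -> bytes:
    """Constructed sample, not a real-world attachment: one page with a link
    annotation to an external URL, plus an OpenAction pointing at a JavaScript
    action that sits, with a hex-escaped key, inside a compressed object
    stream, so neither the word JavaScript nor the action is visible to grep."""
    objstm = b"6 0 << /S /J#61vaScript /JS (app.alert('hi')) >>"
    packed = zlib.compress(objstm)
    return b"".join([
        b"%PDF-1.7\n",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 6 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
        b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj\n",
        b"4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20] "
        b"/A << /S /URI /URI (https://example.invalid/login) >> >> endobj\n",
        b"5 0 obj << /Type /ObjStm /N 1 /First 4 /Filter /FlateDecode "
        b"/Length " + str(len(packed)).encode() + b" >>\nstream\n",
        packed, b"\nendstream\nendobj\n",
        b"trailer << /Root 1 0 R >>\n%%EOF\n",
    ])


# Constructed control document with no links and no active content.
BENIGN_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
              b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
              b"trailer << /Root 1 0 R >>\n%%EOF\n")


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_PDF), ("sample", build_sample_pdf())):
        r = scan_pdf(doc)
        print(f"{label}: active={r.active_content} keys={r.counts} "
              f"uris={r.uris} inflated={r.decoded_streams}")
```

Run it against a saved attachment (`scan_pdf(open(path, "rb").read())`) before opening it, as Adam's rule of thumb suggests. A document like John's, a link annotation and nothing else, produces only `uris` with `active_content` False, which is exactly why no malware engine flags it and why the URL, not the file, is what needs checking. A document like the one in Brian's paper sets `active_content` True. The scanner deliberately stops short of a full PDF parser: it does not follow cross-reference tables, decode LZW, ASCII85 or ASCIIHex filters, or resolve hex-string URIs, and a file that uses any of those can still hide from it, which is the evasion problem the cited paper is about.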