Checked out the link. It's one of the worst fake logins I have ever seen.
On Wed, Jan 19, 2022 at 11:55 AM Bitters bittercake2329@gmail.com wrote:
Seems to have a hyperlink inside the PDF that actually leads you to the malicious software. So maybe that's one way it gets past virus detection. It relies on the user to grab a secondary file from the hyperlink. I might set up a VM later and see where the rabbit hole leads. Most likely a keylogger if anything at all.
On Wed, Jan 19, 2022 at 11:30 AM J. King jking@jkingweb.ca wrote:
On Wed, 2022-01-19 at 10:39 -0600, John Lange wrote:
For what it's worth, I downloaded this file and scanned it with Windows Defender and it came back clean. I also uploaded it to a (free) third-party malware detection site which reported "No security vendors and no sandboxes flagged this file as malicious". So it appears it is just a normal phishing attack and not a malware attack. That being said, since it is so obviously a phish, there is no reason to actually open it, which puts you at risk of some zero-day attack.
I'm actually amazed the original post didn't get caught in spam filters.
If you're referring to the message Eduard sent to the list, it's not that surprising. These days spam filters mostly rely on sender reputation and authentication, and the message looking like what it claims to be structurally; analysis of the text content of the message is an unreliable indicator, though it can tip the scales when other red flags are present. Eduard's having forwarded the spammy message (and then the list doing likewise) destroyed both the original sender information and the original structure, so it looks like what it is: a legitimate user sending a legitimate message through a legitimate mailing list.
According to the header of what I received on my end, both MUUG's MTA and my own barely found it spammy. It seems they were only suspicious at all because there was no authentication information (SPF, DKIM, DMARC, ARC) attributable to Eduard's message.
-- 
J. King
jking@jkingweb.ca

_______________________________________________
Roundtable mailing list
Roundtable@muug.ca
https://muug.ca/mailman/listinfo/roundtable
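J. King's point about the receiving MTAs finding the forwarded message "barely spammy" because no SPF, DKIM, DMARC or ARC result was attributable to it can be checked directly from the headers. The following is an added example, not code from anyone in this thread: it reads the Authentication-Results header (RFC 8601) from two constructed messages, one relayed with no usable authentication and one that passes, and reports whether any mechanism actually produced a pass. The host name mx.example.net and both messages are constructed for the example.

```python
import re
from email import message_from_string

# Constructed sample (not a real message from the list): what a relayed
# forward with no attributable authentication looks like to the receiver.
UNAUTHENTICATED_MSG = """\
Authentication-Results: mx.example.net;
    spf=none smtp.mailfrom=muug.ca;
    dkim=none;
    dmarc=none header.from=muug.ca
From: Someone <someone@muug.ca>
Subject: Fwd: suspicious pdf

body
"""

# Constructed sample of a message whose signature and envelope line up.
AUTHENTICATED_MSG = """\
Authentication-Results: mx.example.net;
    spf=pass smtp.mailfrom=muug.ca;
    dkim=pass header.d=muug.ca header.s=sel1;
    dmarc=pass header.from=muug.ca
From: Someone <someone@muug.ca>
Subject: list traffic

body
"""

METHOD_RE = re.compile(r"([A-Za-z0-9_-]+)=([A-Za-z0-9_-]+)")


def parse_authentication_results(value: str) -> dict:
    """Return {method: result} from one Authentication-Results value.

    The first ';'-separated field is the authserv-id (the host that did the
    checking) and carries no result, so it is skipped. Folded header lines
    are joined before splitting. Properties such as smtp.mailfrom=... are
    ignored; only the method=result pair at the start of each clause is kept.
    """
    joined = value.replace("\r\n", " ").replace("\n", " ")
    results = {}
    for clause in joined.split(";")[1:]:
        m = METHOD_RE.match(clause.strip())
        if m:
            results[m.group(1).lower()] = m.group(2).lower()
    return results


def authentication_summary(raw_message: str) -> dict:
    """Merge every Authentication-Results header of a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        results.update(parse_authentication_results(str(value)))
    return results


def is_unauthenticated(results: dict) -> bool:
    """True when none of SPF, DKIM, DMARC or ARC produced a pass.

    A result of 'none' means the check could not be attributed to the
    message at all, which is the situation described in the thread.
    """
    return not any(results.get(m) == "pass" for m in ("spf", "dkim", "dmarc", "arc"))


if __name__ == "__main__":
    for label, raw in (("forwarded", UNAUTHENTICATED_MSG), ("direct", AUTHENTICATED_MSG)):
        r = authentication_summary(raw)
        print(label, r, "unauthenticated" if is_unauthenticated(r) else "authenticated")
```

Note that this only reads the results a trusted receiving MTA already recorded; it does not perform SPF or DKIM verification itself, and an Authentication-Results header from an untrusted upstream hop should be discarded rather than parsed.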
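Bitters' observation that the PDF carries only a hyperlink to the real payload, which is why scanners see a clean file, can be checked without opening the document in a viewer. This is an added example, not code from anyone in the thread: it scans raw PDF bytes for /URI link actions and for the object names that commonly indicate active content, using two constructed PDFs (the URL phish.example.invalid and all object contents are made up for the example). A real attachment would be read from disk with open(path, "rb").

```python
import re

# Constructed minimal PDF (not the thread's attachment): one page with a
# link annotation whose /URI action points at a placeholder host.
LINK_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (http://phish.example.invalid/login.pdf) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed PDF with no links but a document-open JavaScript action,
# the kind of indicator that would change the triage verdict.
ACTIVE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction << /S /JavaScript /JS (placeholder) >> >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# /URI followed by a literal string; a ')' preceded by a backslash is escaped
# and does not end the string. Hex strings (<...>) and object streams are
# not handled, so a clean result here is not proof of absence.
URI_RE = re.compile(rb"/URI\s*\((.*?)(?<!\\)\)", re.S)

# Object names that mean the file can do more than display text.
INDICATORS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile")


def extract_uris(pdf_bytes: bytes) -> list:
    """Return the URIs found in /URI link actions, with PDF escapes undone."""
    uris = []
    for raw in URI_RE.findall(pdf_bytes):
        text = raw.replace(b"\\)", b")").replace(b"\\(", b"(").replace(b"\\\\", b"\\")
        uris.append(text.decode("latin-1"))
    return uris


def count_indicators(pdf_bytes: bytes) -> dict:
    """Count each indicator name; \\b keeps /JS from matching /JSX-like names."""
    return {
        name.decode(): len(re.findall(re.escape(name) + rb"\b", pdf_bytes))
        for name in INDICATORS
    }


def triage(pdf_bytes: bytes) -> dict:
    """Summarise a PDF: links it points at, and whether it carries active content."""
    uris = extract_uris(pdf_bytes)
    indicators = count_indicators(pdf_bytes)
    return {
        "uris": uris,
        "indicators": indicators,
        "active_content": any(indicators.values()),
    }


if __name__ == "__main__":
    for label, data in (("link-only", LINK_PDF), ("active", ACTIVE_PDF)):
        print(label, triage(data))
```

For the link-only file the verdict matches what the thread describes: no active content, just a URL that the user would have to follow, so reputation checks on that URL (and blocking it at the proxy or mail gateway) are the useful defensive step rather than further scanning of the PDF itself.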