For what it's worth, I downloaded this file and scanned it with Windows Defender and it came back clean. I also uploaded it to a (free) third-party malware detection site, which reported "No security vendors and no sandboxes flagged this file as malicious". So it appears it is just a normal phishing attack and not a malware attack. That being said, since it is so obviously a phish, there is no reason to actually open it, which would put you at risk of some zero-day attack.

I'm actually amazed the original post didn't get caught in spam filters.

John

On Wed, Jan 19, 2022 at 10:11 AM Adam Thompson <athompso@athompso.net> wrote:
You are correct, although getting your payload to be executed or even opened could be difficult, since AFAIK none of the apps that can read .docx (et al.) files will blindly read everything inside the ZIP container.
Every anti-malware engine I know of also knows how to detect zip files and scan inside them.
So it's still a useful vector in certain ways, but it's not the open door it once was.
-Adam

From: Roundtable <roundtable-bounces@muug.ca> on behalf of Bitters <bittercake2329@gmail.com>
Sent: Wednesday, January 19, 2022 9:50:38 AM
To: Continuation of Round Table discussion <roundtable@muug.ca>
Subject: Re: [RndTbl] Fwd: Can a pdf file itself be malware Fwd: FW: remittance Message Payment Status Notification
 
Aren't most Word/PDF files just straight up a ZIP file? So you could easily unzip a Word file, upload your malware or whatever you have, rezip the file and send it to your target, or am I not remembering it correctly?

On Tue, Jan 18, 2022 at 9:17 PM Adam Thompson <athompso@athompso.net> wrote:
Actually, I will make one comment about an obvious red flag: From: Accounting Clerk, but the email address is some random Gmail address?  That's a giant nope for me.  Instant delete.
-Adam

From: Roundtable <roundtable-bounces@muug.ca> on behalf of eh@eduardhiebert.com <eh@eduardhiebert.com>
Sent: Tuesday, January 18, 2022 9:00:08 PM
To: roundtable@muug.ca <roundtable@muug.ca>
Subject: [RndTbl] Fwd: Can a pdf file itself be malware Fwd: FW: remittance Message Payment Status Notification
 

Hi,

This is likely phishing spam; I'm passing it around for further information.

I understand that just opening an email without clicking on anything can be
safe.

I would rather ask than be sorry. Is this also true of pdf files?

If someone can open it safely, I would like to have a sense of who is behind
this one.

Thanks,

Eduard


-------- Forwarded Message --------
Subject: FW: remittance Message Payment Status Notification
Date: Wed, 19 Jan 2022 06:15:45 +0800
From: Accounting Clerk <michaelgarnett1233@gmail.com>

Hello,

Open Attached PDF to confirm remittance info.

TRYR GROUP ACCOUNT

Account clerk

11524 Scenic Hills Blvd

-------------------------
_______________________________________________
Roundtable mailing list
Roundtable@muug.ca
https://muug.ca/mailman/listinfo/roundtable


--
John Lange
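Two questions in the thread can be answered statically, before any viewer ever touches the attachment: Eduard's (can a PDF itself carry something dangerous, and what is inside this one?) and Adam's point that a .docx is a ZIP container in which a reader only opens the parts its relationship files point at, so anything else in the archive is cargo nobody loads. The script below is an added example and is not part of the thread or of any tool mentioned in it. It inspects raw PDF bytes for active-content name objects (undoing the `#xx` hex escapes that defeat naive keyword searches) and walks an OOXML zip's `.rels` files to list parts that nothing references. The sample PDF and the docx-shaped zip it runs on are constructed inline, and the marker lists are my own choice.

```python
"""Static triage of a mailed PDF / OOXML attachment, without opening it in a viewer."""
import io
import posixpath
import re
import zipfile
import xml.etree.ElementTree as ET

# PDF name objects that introduce active content or embedded payloads (my own list).
PDF_RISKY_NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
                   b"/EmbeddedFile", b"/RichMedia", b"/XFA", b"/URI")

# Entry-name fragments inside an OOXML zip that indicate executable content (my own list).
OOXML_ACTIVE_MARKERS = ("vbaproject.bin", "oleobject", ".exe", ".dll", ".js", ".vbs", ".hta")


def _unescape_pdf_names(data: bytes) -> bytes:
    """Undo '#xx' hex escapes in PDF names (/J#61vaScript -> /JavaScript),
    a cheap trick for hiding keywords from grep-style scanners."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)


def pdf_indicators(data: bytes) -> dict:
    """Count active-content markers visible in the raw bytes of a PDF.
    Caveat: only unfiltered objects are visible this way; anything inside
    /FlateDecode or object streams needs a real parser to inflate first."""
    body = _unescape_pdf_names(data)
    hits = {name.decode(): len(re.findall(re.escape(name) + rb"(?![A-Za-z])", body))
            for name in PDF_RISKY_NAMES}
    return {"indicators": {k: v for k, v in hits.items() if v}}


def _resolve(rels_name: str, target: str) -> str:
    """Map a relationship Target to the zip entry it names. A .rels file lives at
    '<dir>/_rels/<part>.rels' ('_rels/.rels' for the package root) and a relative
    Target is resolved against <dir>; a leading '/' makes it package-absolute."""
    if target.startswith("/"):
        return target.lstrip("/")
    source_dir = posixpath.dirname(posixpath.dirname(rels_name))
    return posixpath.normpath(posixpath.join(source_dir, target))


def ooxml_report(data: bytes) -> dict:
    """List every part in an OOXML zip; flag parts no relationship references
    (the app never opens them, so they are pure cargo) and parts whose names
    indicate executable content."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [i.filename for i in zf.infolist() if not i.is_dir()]
        referenced = set()
        for name in names:
            if not name.endswith(".rels"):
                continue
            for rel in ET.fromstring(zf.read(name)).iter():
                target = rel.get("Target")
                if target and rel.get("TargetMode", "Internal") != "External":
                    referenced.add(_resolve(name, target))
    structural = {n for n in names if n.endswith(".rels") or n == "[Content_Types].xml"}
    unreferenced = sorted(set(names) - referenced - structural)
    active = sorted(n for n in names if any(m in n.lower() for m in OOXML_ACTIVE_MARKERS))
    return {"parts": names, "unreferenced": unreferenced, "active_content": active}


def triage(data: bytes) -> dict:
    """Dispatch on the container signature (the PDF header may be preceded by junk)."""
    if b"%PDF-" in data[:1024]:
        return {"type": "pdf", **pdf_indicators(data)}
    if data.startswith(b"PK\x03\x04"):
        return {"type": "ooxml", **ooxml_report(data)}
    return {"type": "unknown"}


# Constructed sample: a tiny PDF whose catalog fires JavaScript on open, with the
# name object hex-escaped the way evasive samples do it.
SAMPLE_PDF = (b"%PDF-1.7\n"
              b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
              b"3 0 obj << /S /J#61vaScript /JS (app.launchURL('http://example.invalid/', true)) >> endobj\n"
              b"trailer << /Root 1 0 R >>\n%%EOF\n")


def build_sample_docx() -> bytes:
    """Constructed sample: the skeleton a Word document needs plus one extra entry
    that no relationship points at, i.e. the smuggling scenario from the thread."""
    rels_ns = "http://schemas.openxmlformats.org/package/2006/relationships"
    odoc = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("_rels/.rels", f'<Relationships xmlns="{rels_ns}"><Relationship Id="rId1" '
                    f'Type="{odoc}/officeDocument" Target="word/document.xml"/></Relationships>')
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/_rels/document.xml.rels", f'<Relationships xmlns="{rels_ns}">'
                    f'<Relationship Id="rId1" Type="{odoc}/image" Target="media/image1.png"/>'
                    f'<Relationship Id="rId2" Type="{odoc}/hyperlink" Target="http://example.invalid/" '
                    f'TargetMode="External"/></Relationships>')
        zf.writestr("word/media/image1.png", b"\x89PNG\r\n\x1a\n")
        zf.writestr("word/media/payload.exe", b"MZ" + b"\x00" * 16)  # the smuggled entry
    return buf.getvalue()


if __name__ == "__main__":
    print(triage(SAMPLE_PDF))
    print(triage(build_sample_docx()))
```

For a real attachment, read the bytes with `open(path, "rb")` and pass them to `triage()`. The PDF check is a first-pass indicator, not a verdict: a clean count on a file that is mostly compressed streams means only that nothing was visible, and the next step is a parser that inflates those streams. The OOXML check answers Adam's point directly: a payload dropped into the zip shows up as an unreferenced part, which is exactly why Word never executes it on its own.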