Am I too suspicious? .PDF imbedded in .DOC file
Got an email the other day rattling about a lawsuit against our biz.
There was an attachment that was a WORD.DOC file. The anti virus said it was OK but when you opened it there was a .PDF file imbedded. This seems just a bit suspicious to me but I can't find anything when I Google "virus FAQ. .PDF imbedded in .DOC"

Any ideas?

Re: Am I too suspicious? .PDF imbedded in .DOC file
JohnF wrote:
> Got an email the other day rattling about a lawsuit against our biz.

Sorry to hear that .. (or maybe not, I don't know you <g>)

> There was an attachment that was a WORD.DOC file. The anti virus said
> it was OK but when you opened it there was a .PDF file imbedded.

That in itself doesn't sound suspicious. I've got friends who don't know how to send even an image by itself. They open Word, and drop in the picture. Perhaps your sender is equally clueless? Is it from a lawyer, or some non-technical person at the suer's company? Were you expecting the email?

> This seems just a bit suspicious to me but I can't find anything when
> I Google "virus FAQ. .PDF imbedded in .DOC"

Try again, with "embedded" spelled correctly. Say:
PDF embedded in DOC virus threat

--
-bts
-Four wheels carry the body; two wheels move the soul

Re: Am I too suspicious? .PDF imbedded in .DOC file
On Tue, 16 Mar 2010 08:34:43 -0700, JohnF wrote:
> Got an email the other day rattling about a lawsuit against our biz.
> There was an attachment that was a WORD.DOC file. The anti virus said it
> was OK but when you opened it there was a .PDF file imbedded. This seems
> just a bit suspicious to me but I can't find anything when I Google
> "virus FAQ. .PDF imbedded in .DOC"
>
> Any ideas?

Yes, this is very bad. You'll need to format your hard drive to ensure no further damage ensues. Get started, NOW.

--
"Ubuntu" -- an African word, meaning "Slackware is too hard for me".
"Bother!" said Pooh, as Yoda told him of another Pooh.
Usenet Improvement Project: http://twovoyagers.com/improve-usenet.org/
Thanks, Obama: http://brandybuck.site40.net/pics/politica/thanks.jpg

Re: Am I too suspicious? .PDF imbedded in .DOC file
JohnF wrote:
> Got an email the other day rattling about a lawsuit against our biz.
> There was an attachment that was a WORD.DOC file. The anti virus said
> it was OK but when you opened it there was a .PDF file imbedded. This
> seems just a bit suspicious to me but I can't find anything when I
> Google "virus FAQ. .PDF imbedded in .DOC"

Are you familiar with the business/ company/ individual/ which actually sourced this mail?

.doc files have their own insecurities related to scripts.

Adobe releases security alerts and updates about the vulnerabilities of Reader and Acrobat regularly.

Did you evaluate the email for bogosity? When you are suspicious of an email, I recommend starting your investigation with the header, not the body content.

Examine the header for evidence of bogosity; discrepancies in how it was actually sourced as opposed to how it was From configured; evidence of bogus tracelines and other spam and malware features.

Realize that whatever kind of virus scanning ware you have is very very imperfect; if necessary you can submit a file to virus scanning services which use a score or more of AV engines to test.

--
Mike Easter

Re: Am I too suspicious? .PDF imbedded in .DOC file
On Tue, 16 Mar 2010 09:19:12 -0700, Mike Easter <MikeE@ster.invalid>
wrote:

>JohnF wrote:
>> Got an email the other day rattling about a lawsuit against our biz.
>> There was an attachment that was a WORD.DOC file. The anti virus said
>> it was OK but when you opened it there was a .PDF file imbedded. This
>> seems just a bit suspicious to me but I can't find anything when I
>> Google "virus FAQ. .PDF imbedded in .DOC"
>
>Are you familiar with the business/ company/ individual/ which actually
>sourced this mail?
>
>.doc files have their own insecurities related to scripts.
>
>Adobe releases security alerts and updates about the vulnerabilities of
>Reader and Acrobat regularly.
>
>Did you evaluate the email for bogosity? When you are suspicious of an
>email, I recommend starting your investigation with the header, not the
>body content.
>
>Examine the header for evidence of bogosity; discrepancies in how it
>was actually sourced as opposed to how it was From configured; evidence
>of bogus tracelines and other spam and malware features.
>
>Realize that whatever kind of virus scanning ware you have is very very
>imperfect; if necessary you can submit a file to virus scanning
>services which use a score or more of AV engines to test.

I had the owner delete it. He's very computer un-literate so I'm surprised he even asked me. I was just curious about the Embedding since I hadn't seen it before and it seems like a sneaky way to get a virus into someone's computer. My reasoning is since there has been no contact via snail mail or phone that it's somebody phishing or trying to contaminate.

Thanks

Re: Am I too suspicious? .PDF imbedded in .DOC file
JohnF wrote:
> Mike Easter
>> JohnF wrote:
>>> Got an email the other day

So this part isn't actually true.

>> Did you evaluate the email for bogosity?

> I had the owner delete it. He's very computer un-literate so I'm
> surprised he even asked me.

So this is more like 'I heard...'

> I was just curious about the Embedding

There is a big problem with people sending other people file formats which are not compatible with the capabilities of the recipient and which have more potential for malware.

A .doc file can be a lot of things; some of them are able to be rendered by a lot of different software accurately. A .doc file can also harbor malware, some of which is not going to be detected by the recipient's AV.

A .pdf has some advantages over the .doc. I would not consider the .pdf to be more insecure than the .doc. It has the advantage of being more predictable in how it renders for display or printing.

Since you weren't the one who received the file, we can't even be sure if it was embedded or another different attachment or what.

> since I hadn't seen it before and it seems like a sneaky way to get a
> virus into someone's computer. My reasoning is since there has been no
> contact via snail mail or phone that's it's somebody phishing or
> trying to contaminate.

The best way to find out what really happened there would be to get the recipient to forward the mail itself to you as an attachment. You would be able to approach the original mail more forensically, than hearing a report from someone trying to describe a mail.

Then you would be able to dissect the headers first for evidence of bogosity, determine in more than one way whether or not the missive contained malware, and if it were clean and not bogus, you could find out what the content was all about.

--
Mike Easter

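The header checks recommended in the two posts above (how the mail was actually sourced versus how its From is configured, and bogus tracelines), sketched as an added example that is not part of the thread or any poster's own code. The sample message, hosts and addresses are constructed, and the `Received` layout assumed is the common `from HELO (rdns [ip])` form.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample (not from the thread); all hosts and addresses are made up.
SAMPLE = """\
Return-Path: <bounce@bulk-sender.example>
Received: from mail.lawfirm.example (host45.dialup.example [203.0.113.45])
\tby mx.ourbiz.example with ESMTP; Tue, 16 Mar 2010 08:31:02 -0700
Received: from legal-desk (localhost [127.0.0.1])
\tby mail.lawfirm.example with SMTP; Tue, 16 Mar 2010 11:02:40 -0700
From: "Legal Department" <notices@lawfirm.example>
Reply-To: claims@free-webmail.example
Subject: Lawsuit notice

See attached.
"""

def _domain(value):
    """Lower-cased domain of the address in a header value ('' if absent)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def header_findings(raw):
    """List discrepancies between how a mail claims to be sourced and its trace."""
    msg = message_from_string(raw)
    findings = []
    frm = _domain(msg["From"])
    for name in ("Return-Path", "Reply-To"):
        other = _domain(msg[name])
        if other and other != frm:
            findings.append(f"{name} domain {other} differs from From domain {frm}")
    received = msg.get_all("Received", [])
    # Only the topmost Received line is written by the recipient's own server:
    # compare the name the sender announced (HELO) with the name it resolved to.
    if received:
        m = re.search(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]", received[0])
        if m and m.group(1).lower() != m.group(2).lower():
            findings.append(f"HELO {m.group(1)} but peer was {m.group(2)} [{m.group(3)}]")
    # Tracelines are prepended, so each one should be no earlier than the one below.
    try:
        stamps = [parsedate_to_datetime(r.rpartition(";")[2].strip()) for r in received]
        if any(newer < older for newer, older in zip(stamps, stamps[1:])):
            findings.append("Received timestamps run backwards")
    except (TypeError, ValueError):
        findings.append("Received timestamp could not be parsed")
    return findings

if __name__ == "__main__":
    for line in header_findings(SAMPLE):
        print(line)
```

Each finding is a lead to follow up, not a verdict: legitimate bulk senders and misconfigured servers trip the same checks, which is why the attachment still goes to a scanner afterwards.
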
Re: Am I too suspicious? .PDF imbedded in .DOC file
JohnF <mpi-brwNADA@phxinternet.net> wrote in
news:dv8vp557t4egofbj2iid7n64826ikakued@4ax.com:

> Got an email the other day rattling about a lawsuit against our biz.
> There was an attachment that was a WORD.DOC file. The anti virus said
> it was OK but when you opened it there was a .PDF file imbedded. This
> seems just a bit suspicious to me but I can't find anything when I
> Google "virus FAQ. .PDF imbedded in .DOC"
>

The problem with word documents is the fact that you can write trojans *in* macros within a word document. The fact that an embedded PDF file is in the document changes nothing.

AV software *does* give false positives - just like computer has bugs. Things like IE not always remembering to open maximized. Nothing more dangerous.

One thing AV software *doesn't* do is give false negatives - if you get *no* malware found on a full scan of a full hard drive, there *is* no trojans or viruses that the company has heard of. That means *all* malware back to when they started producing their software. That's a *lot*.

--
(setq (chuck nil) car(chuck) )

Re: Am I too suspicious? .PDF imbedded in .DOC file
JohnF <mpi-brwNADA@phxinternet.net> wrote in
news:jvkvp5pj1is1ignqan0tej2e0qp30q1v8p@4ax.com:

> On Tue, 16 Mar 2010 09:19:12 -0700, Mike Easter <MikeE@ster.invalid>
> wrote:
>
> I had the owner delete it. He's very computer un-literate so I'm
> surprised he even asked me. I was just curious about the Embedding
> since I hadn't seen it before and it seems like a sneaky way to get a
> virus into someone's computer. My reasoning is since there has been no
> contact via snail mail or phone that it's somebody phishing or
> trying to contaminate.
>

That was overkill. As for him being computer literate, he knew how to embed a file in Word - something you yourself admit you don't know about. If the owner has AV protection, you've gone overboard on this one.

--
(setq (chuck nil) car(chuck) )

Re: Am I too suspicious? .PDF imbedded in .DOC file
chuckcar wrote:
> The problem with [your post]

25 demerits for excessive use of asterisks! Go to your room.

--
-bts
-a false negative is the best thing since sliced bread