
Am I too suspicious? .PDF imbedded in .DOC file

 
 
JohnF
 
      03-16-2010
Got an email the other day rattling about a lawsuit against our biz.
There was an attachment that was a WORD.DOC file. The anti virus said
it was OK but when you opened it there was a .PDF file imbedded. This
seems just a bit suspicious to me but I can't find anything when I
Google "virus FAQ. .PDF imbedded in .DOC"

Any ideas?


 
 
 
 
 
Beauregard T. Shagnasty
 
      03-16-2010
JohnF wrote:

> Got an email the other day rattling about a lawsuit against our biz.


Sorry to hear that .. (or maybe not, I don't know you <g>)

> There was an attachment that was a WORD.DOC file. The anti virus said
> it was OK but when you opened it there was a .PDF file imbedded.


That in itself doesn't sound suspicious. I've got friends who don't know
how to send even an image by itself. They open Word, and drop in the
picture. Perhaps your sender is equally clueless? Is it from a lawyer,
or some non-technical person at the suer's company? Were you expecting
the email?

> This seems just a bit suspicious to me but I can't find anything when
> I Google "virus FAQ. .PDF imbedded in .DOC"


Try again, with "embedded" spelled correctly. Say:
PDF embedded in DOC virus threat

--
-bts
-Four wheels carry the body; two wheels move the soul
 
 
 
 
 
Dan C
 
      03-16-2010
On Tue, 16 Mar 2010 08:34:43 -0700, JohnF wrote:

> Got an email the other day rattling about a lawsuit against our biz.
> There was an attachment that was a WORD.DOC file. The anti virus said it
> was OK but when you opened it there was a .PDF file imbedded. This seems
> just a bit suspicious to me but I can't find anything when I Google
> "virus FAQ. .PDF imbedded in .DOC"
>
> Any ideas?


Yes, this is very bad. You'll need to format your hard drive to ensure
no further damage ensues. Get started, NOW.


--
"Ubuntu" -- an African word, meaning "Slackware is too hard for me".
"Bother!" said Pooh, as Yoda told him of another Pooh.
Usenet Improvement Project: http://twovoyagers.com/improve-usenet.org/
Thanks, Obama: http://brandybuck.site40.net/pics/politica/thanks.jpg
 
 
Mike Easter
 
      03-16-2010
JohnF wrote:
> Got an email the other day rattling about a lawsuit against our biz.
> There was an attachment that was a WORD.DOC file. The anti virus said
> it was OK but when you opened it there was a .PDF file imbedded. This
> seems just a bit suspicious to me but I can't find anything when I
> Google "virus FAQ. .PDF imbedded in .DOC"


Are you familiar with the business/ company/ individual/ which actually
sourced this mail?

.doc files have their own insecurities related to scripts.

Adobe releases security alerts and updates about the vulnerabilities of
Reader and Acrobat regularly.

Did you evaluate the email for bogosity? When you are suspicious of an
email, I recommend starting your investigation with the header, not the
body content.

Examine the header for evidence of bogosity; discrepancies in how it
was actually sourced as opposed to how it was From configured; evidence
of bogus tracelines and other spam and malware features.

Realize that whatever kind of virus scanning ware you have is very very
imperfect; if necessary you can submit a file to virus scanning
services which use a score or more of AV engines to test.


--
Mike Easter
 
 
JohnF
 
      03-16-2010
On Tue, 16 Mar 2010 09:19:12 -0700, Mike Easter <(E-Mail Removed)>
wrote:

>JohnF wrote:
>> Got an email the other day rattling about a lawsuit against our biz.
>> There was an attachment that was a WORD.DOC file. The anti virus said
>> it was OK but when you opened it there was a .PDF file imbedded. This
>> seems just a bit suspicious to me but I can't find anything when I
>> Google "virus FAQ. .PDF imbedded in .DOC"

>
>Are you familiar with the business/ company/ individual/ which actually
>sourced this mail?
>
>.doc files have their own insecurities related to scripts.
>
>Adobe releases security alerts and updates about the vulnerabilities of
>Reader and Acrobat regularly.
>
>Did you evaluate the email for bogosity? When you are suspicious of an
>email, I recommend starting your investigation with the header, not the
>body content.
>
>Examine the header for evidence of bogosity; discrepancies in how it
>was actually sourced as opposed to how it was From configured; evidence
>of bogus tracelines and other spam and malware features.
>
>Realize that whatever kind of virus scanning ware you have is very very
>imperfect; if necessary you can submit a file to virus scanning
>services which use a score or more of AV engines to test.



I had the owner delete it. He's very computer un-literate so I'm
surprised he even asked me. I was just curious about the Embedding
since I hadn't seen it before and it seems like a sneaky way to get a
virus into someone's computer. My reasoning is since there has been no
contact via snail mail or phone that it's somebody phishing or
trying to contaminate.

Thanks


 
 
Mike Easter
 
      03-16-2010
JohnF wrote:
> Mike Easter
>> JohnF wrote:
>>> Got an email the other day


So this part isn't actually true.

>> Did you evaluate the email for bogosity?


> I had the owner delete it. He's very computer un-literate so I'm
> surprised he even asked me.


So this is more like 'I heard...'

> I was just curious about the Embedding


There is a big problem with people sending other people file formats
which are not compatible with the capabilities of the recipient and
which have more potential for malware.

A .doc file can be a lot of things; some of them are able to be
rendered by a lot of different software accurately. A .doc file can
also harbor malware, some of which is not going to be detected by the
recipient's AV.

A .pdf has some advantages over the .doc. I would not consider the .pdf
to be more insecure than the .doc. It has the advantage of being more
predictable in how it renders for display or printing.

Since you weren't the one who received the file, we can't even be sure
if it was embedded or another different attachment or what.

> since I hadn't seen it before and it seems like a sneaky way to get a
> virus into someone's computer. My reasoning is since there has been no
> contact via snail mail or phone that it's somebody phishing or
> trying to contaminate.


The best way to find out what really happened there would be to get the
recipient to forward the mail itself to you as an attachment.

You would be able to approach the original mail more forensically, than
hearing a report from someone trying to describe a mail. Then you would
be able to dissect the headers first for evidence of bogosity, determine
in more than one way whether or not the missive contained malware, and
if it were clean and not bogus, you could find out what the content was
all about.


--
Mike Easter
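
Added example, not part of the thread: a minimal Python sketch of the header-first check described in the post above, run over a constructed message. The function names, the `own_suffix` parameter (the domain of the recipient's own mail server) and every host and address in the sample are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample message; every host and address is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from relay.example.net (relay.example.net [203.0.113.7])
\tby mx.recipient.example with ESMTP id abc123;
\tTue, 16 Mar 2010 08:30:05 -0700
Received: from mail.lawfirm.example (mail.lawfirm.example [198.51.100.9])
\tby relay.example.net with SMTP id zzz999;
\tTue, 16 Mar 2010 09:45:00 -0700
From: "Legal Dept" <notices@lawfirm.example>
Reply-To: claims@webmail.example.org

See attached.
"""

def domain(value):
    """Lowercased domain of the address in a header value, or ''."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def triage_headers(raw, own_suffix):
    """List header discrepancies worth a closer look (leads, not proof)."""
    msg = message_from_string(raw)
    from_dom, findings, hops = domain(msg["From"]), [], []
    for name in ("Return-Path", "Reply-To"):
        d = domain(msg[name])
        if d and d != from_dom:
            findings.append(f"{name} domain {d} != From domain {from_dom}")
    for line in msg.get_all("Received", []):  # newest hop first
        m = re.search(r"from\s+(\S+).*?\bby\s+(\S+)", line, re.S)
        try:
            when = parsedate_to_datetime(line.rsplit(";", 1)[-1].strip())
        except (TypeError, ValueError):
            when = None
        if m:
            hops.append((m.group(1).lower(), m.group(2).lower(), when))
    # Only the top line, written by our own server, is trustworthy; lines
    # below it came from the sending side and can be forged.
    if hops and ("." + hops[0][1]).endswith("." + own_suffix):
        if not ("." + hops[0][0]).endswith("." + from_dom):
            findings.append(f"delivered by {hops[0][0]}, not a {from_dom} host")
    else:
        findings.append("no Received line from our own server on top")
    for newer, older in zip(hops, hops[1:]):
        if newer[2] and older[2] and older[2] > newer[2]:
            findings.append(f"hop from {older[0]} is dated after the hop above it")
    return findings
```

To use it on a real message, have the recipient forward the mail as an attachment, save it as a file, and pass the file's text and your own mail domain to `triage_headers`. A mismatch is common with legitimate bulk mailers, so each finding is a reason to look closer rather than a verdict.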
 
 
chuckcar
 
      03-19-2010
JohnF <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> Got an email the other day rattling about a lawsuit against our biz.
> There was an attachment that was a WORD.DOC file. The anti virus said
> it was OK but when you opened it there was a .PDF file imbedded. This
> seems just a bit suspicious to me but I can't find anything when I
> Google "virus FAQ. .PDF imbedded in .DOC"
>

The problem with word documents is the fact that you can write trojans
*in* macros within a word document. The fact that an embedded PDF file
is in the document changes nothing.

AV software *does* give false positives - just like computer has bugs.
Things like IE not always remembering to open maximized. Nothing more dangerous.

One thing AV software *doesn't* do is give false negatives - if you get
*no* malware found on a full scan of a full hard drive, there *are* no
trojans or viruses that the company has heard of. That means *all*
malware back to when they started producing their software. That's a
*lot*.

--
(setq (chuck nil) car(chuck) )
 
 
chuckcar
 
      03-19-2010
JohnF <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> On Tue, 16 Mar 2010 09:19:12 -0700, Mike Easter <(E-Mail Removed)>
> wrote:
>


> I had the owner delete it. He's very computer un-literate so I'm
> surprised he even asked me. I was just curious about the Embedding
> since I hadn't seen it before and it seems like a sneaky way to get a
> virus into someone's computer. My reasoning is since there has been no
> contact via snail mail or phone that it's somebody phishing or
> trying to contaminate.
>

That was overkill. As for him being computer literate, he knew how to
embed a file in Word - something you yourself admit you don't know
about. If the owner has AV protection, you've gone overboard on this
one.


--
(setq (chuck nil) car(chuck) )
 
 
Beauregard T. Shagnasty
 
      03-19-2010
chuckcar wrote:

> The problem with [your post]


25 demerits for excessive use of asterisks! Go to your room.

--
-bts
-a false negative is the best thing since sliced bread
 