Am I too suspicious? .PDF imbedded in .DOC file

Discussion in 'Computer Support' started by JohnF, Mar 16, 2010.

  1. JohnF

    JohnF Guest

    Got an email the other day rattling about a lawsuit against our biz.
    There was an attachment that was a WORD.DOC file. The anti virus said
    it was OK but when you opened it there was a .PDF file imbedded. This
    seems just a bit suspicious to me but I can't find anything when I
    Google "virus FAQ. .PDF imbedded in .DOC"

    Any ideas?
    JohnF, Mar 16, 2010
    #1

  2. JohnF wrote:

    > Got an email the other day rattling about a lawsuit against our biz.


    Sorry to hear that .. (or maybe not, I don't know you <g>)

    > There was an attachment that was a WORD.DOC file. The anti virus said
    > it was OK but when you opened it there was a .PDF file imbedded.


    That in itself doesn't sound suspicious. I've got friends who don't know
    how to send even an image by itself. They open Word, and drop in the
    picture. Perhaps your sender is equally clueless? Is it from a lawyer,
    or some non-technical person at the suer's company? Were you expecting
    the email?

    > This seems just a bit suspicious to me but I can't find anything when
    > I Google "virus FAQ. .PDF imbedded in .DOC"


    Try again, with "embedded" spelled correctly. Say:
    PDF embedded in DOC virus threat

    --
    -bts
    -Four wheels carry the body; two wheels move the soul
    Beauregard T. Shagnasty, Mar 16, 2010
    #2

  3. JohnF

    Dan C Guest

    On Tue, 16 Mar 2010 08:34:43 -0700, JohnF wrote:

    > Got an email the other day rattling about a lawsuit against our biz.
    > There was an attachment that was a WORD.DOC file. The anti virus said it
    > was OK but when you opened it there was a .PDF file imbedded. This seems
    > just a bit suspicious to me but I can't find anything when I Google
    > "virus FAQ. .PDF imbedded in .DOC"
    >
    > Any ideas?


    Yes, this is very bad. You'll need to format your hard drive to ensure
    no further damage ensues. Get started, NOW.


    --
    "Ubuntu" -- an African word, meaning "Slackware is too hard for me".
    "Bother!" said Pooh, as Yoda told him of another Pooh.
    Usenet Improvement Project: http://twovoyagers.com/improve-usenet.org/
    Thanks, Obama: http://brandybuck.site40.net/pics/politica/thanks.jpg
    Dan C, Mar 16, 2010
    #3
  4. JohnF

    Mike Easter Guest

    JohnF wrote:
    > Got an email the other day rattling about a lawsuit against our biz.
    > There was an attachment that was a WORD.DOC file. The anti virus said
    > it was OK but when you opened it there was a .PDF file imbedded. This
    > seems just a bit suspicious to me but I can't find anything when I
    > Google "virus FAQ. .PDF imbedded in .DOC"


    Are you familiar with the business/ company/ individual/ which actually
    sourced this mail?

    .doc files have their own insecurities related to scripts.

    Adobe releases security alerts and updates about the vulnerabilities of
    Reader and Acrobat regularly.

    Did you evaluate the email for bogosity? When you are suspicious of an
    email, I recommend starting your investigation with the header, not the
    body content.

    Examine the header for evidence of bogosity; discrepancies in how it
    was actually sourced as opposed to how it was From configured; evidence
    of bogus tracelines and other spam and malware features.

    Realize that whatever kind of virus scanning ware you have is very very
    imperfect; if necessary you can submit a file to virus scanning
    services which use a score or more of AV engines to test.


    --
    Mike Easter
    Mike Easter, Mar 16, 2010
    #4
  5. JohnF

    JohnF Guest

    On Tue, 16 Mar 2010 09:19:12 -0700, Mike Easter wrote:

    >JohnF wrote:
    >> Got an email the other day rattling about a lawsuit against our biz.
    >> There was an attachment that was a WORD.DOC file. The anti virus said
    >> it was OK but when you opened it there was a .PDF file imbedded. This
    >> seems just a bit suspicious to me but I can't find anything when I
    >> Google "virus FAQ. .PDF imbedded in .DOC"

    >
    >Are you familiar with the business/ company/ individual/ which actually
    >sourced this mail?
    >
    >.doc files have their own insecurities related to scripts.
    >
    >Adobe releases security alerts and updates about the vulnerabilities of
    >Reader and Acrobat regularly.
    >
    >Did you evaluate the email for bogosity? When you are suspicious of an
    >email, I recommend starting your investigation with the header, not the
    >body content.
    >
    >Examine the header for evidence of bogosity; discrepancies in how it
    >was actually sourced as opposed to how it was From configured; evidence
    >of bogus tracelines and other spam and malware features.
    >
    >Realize that whatever kind of virus scanning ware you have is very very
    >imperfect; if necessary you can submit a file to virus scanning
    >services which use a score or more of AV engines to test.



    I had the owner delete it. He's very computer un-literate so I'm
    surprised he even asked me. I was just curious about the Embedding
    since I hadn't seen it before and it seems like a sneaky way to get a
    virus into someone's computer. My reasoning is since there has been no
    contact via snail mail or phone that it's somebody phishing or
    trying to contaminate.

    Thanks
    JohnF, Mar 16, 2010
    #5
  6. JohnF

    Mike Easter Guest

    JohnF wrote:
    > Mike Easter
    >> JohnF wrote:
    >>> Got an email the other day


    So this part isn't actually true.

    >> Did you evaluate the email for bogosity?


    > I had the owner delete it. He's very computer un-literate so I'm
    > surprised he even asked me.


    So this is more like 'I heard...'

    > I was just curious about the Embedding


    There is a big problem with people sending other people file formats
    which are not compatible with the capabilities of the recipient and
    which have more potential for malware.

    A .doc file can be a lot of things; some of them are able to be
    rendered by a lot of different software accurately. A .doc file can
    also harbor malware, some of which is not going to be detected by the
    recipient's AV.

    A .pdf has some advantages over the .doc. I would not consider the .pdf
    to be more insecure than the .doc. It has the advantage of being more
    predictable in how it renders for display or printing.

    Since you weren't the one who received the file, we can't even be sure
    if it was embedded or another different attachment or what.

    > since I hadn't seen it before and it seems like a sneaky way to get a
    > virus into someone's computer. My reasoning is since there has been no
    > contact via snail mail or phone that's it's somebody phishing or
    > trying to contaminate.


    The best way to find out what really happened there would be to get the
    recipient to forward the mail itself to you as an attachment.

    You would be able to approach the original mail more forensically, than
    hearing a report from someone trying to describe a mail. Then you would
    be able to dissect the headers first for evidence of bogosity, determine
    in more than one way whether or not the missive contained malware, and
    if it were clean and not bogus, you could find out what the content was
    all about.


    --
    Mike Easter
    Mike Easter, Mar 16, 2010
    #6
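
The header check recommended in posts #4 and #6 (compare how the mail was actually sourced with how its From line is configured, and treat trace lines critically), as an added example that is not part of the original thread. The sample message, every host name and address in it, the `our_mx` parameter, and the qmail-style `unknown (HELO ...)` Received format are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread); every host and address is made up.
SAMPLE = """\
Return-Path: <bounce@bulkmailer.example>
Received: from unknown (HELO lawfirm.example) (203.0.113.77)
\tby mx.ourbiz.example; Tue, 16 Mar 2010 08:01:10 -0700
Received: from mail.lawfirm.example (mail.lawfirm.example [198.51.100.5])
\tby relay.lawfirm.example; Tue, 16 Mar 2010 07:58:00 -0700
From: "Legal Dept" <notices@lawfirm.example>
Reply-To: claims@freemail.example
Subject: Lawsuit notice

See attached.
"""

def domain(value):
    """Lower-cased domain of the address in a header value ('' if none)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def header_findings(raw, our_mx):
    """List discrepancies between the From line and how the mail was sourced."""
    msg = message_from_string(raw)
    findings, from_dom = [], domain(msg["From"])
    for name in ("Return-Path", "Reply-To"):
        dom = domain(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    received = [" ".join(r.split()) for r in msg.get_all("Received", [])]
    # Each relay prepends its Received line, so the topmost line stamped by our
    # own MX is the last trustworthy hop; lines below it came from the sender.
    stamp = re.compile(rf"\bby {re.escape(our_mx)}(?![\w.-])")
    for i, line in enumerate(received):
        if stamp.search(line):
            ip = re.search(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]", line)
            host = line.split()[1]
            findings.append(f"handed to {our_mx} by {ip.group(1) if ip else '?'} as '{host}'")
            if host == "unknown":  # assumed marker for a failed reverse lookup
                findings.append("connecting host had no verified name")
            findings.append(f"{len(received) - i - 1} older Received line(s) are unverifiable")
            break
    else:
        findings.append(f"no Received line from {our_mx}: trace cannot be anchored")
    return findings

if __name__ == "__main__":
    print("\n".join(header_findings(SAMPLE, "mx.ourbiz.example")))
```

Each finding is a lead to follow up, not a verdict: legitimate bulk senders also use a Return-Path domain that differs from the From domain.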
  7. JohnF

    chuckcar Guest

    JohnF wrote:

    > Got an email the other day rattling about a lawsuit against our biz.
    > There was an attachment that was a WORD.DOC file. The anti virus said
    > it was OK but when you opened it there was a .PDF file imbedded. This
    > seems just a bit suspicious to me but I can't find anything when I
    > Google "virus FAQ. .PDF imbedded in .DOC"
    >

    The problem with word documents is the fact that you can write trojans
    *in* macros within a word document. The fact that an embedded PDF file
    is in the document changes nothing.

    AV software *does* give false positives - just like a computer has bugs.
    Things like IE not always remembering to open maximized. Nothing more dangerous.

    One thing AV software *doesn't* do is give false negatives - if you get
    *no* malware found on a full scan of a full hard drive, there *are* no
    trojans or viruses that the company has heard of. That means *all*
    malware back to when they started producing their software. That's a
    *lot*.

    --
    (setq (chuck nil) car(chuck) )
    chuckcar, Mar 19, 2010
    #7
  8. JohnF

    chuckcar Guest

    JohnF wrote:

    > On Tue, 16 Mar 2010 09:19:12 -0700, Mike Easter <>
    > wrote:
    >


    > I had the owner delete it. He's very computer un-literate so I'm
    > surprised he even asked me. I was just curious about the Embedding
    > since I hadn't seen it before and it seems like a sneaky way to get a
    > virus into someone's computer. My reasoning is since there has been no
    > contact via snail mail or phone that's it's somebody phishing or
    > trying to contaminate.
    >

    That was overkill. As for him being computer literate, he knew how to
    embed a file in Word - something you yourself admit you don't know
    about. If the owner has AV protection, you've gone overboard on this
    one.


    --
    (setq (chuck nil) car(chuck) )
    chuckcar, Mar 19, 2010
    #8
  9. chuckcar wrote:

    > The problem with [your post]


    25 demerits for excessive use of asterisks! Go to your room.

    --
    -bts
    -a false negative is the best thing since sliced bread
    Beauregard T. Shagnasty, Mar 19, 2010
    #9
