Monday 30 November 2015

So what about PDF files?

An email from Google!


From: Google  Incorporation ® <test@lateliernyc.com>
Reply-To: Google  Incorporation ® <daviddrummond2015.guk@googlemail.com>
To: undisclosed-recipients:  ;
Subject: Google End Of The Year Winning Letter®
Parts/Attachments:
   1 Shown   ~33 lines  Text
   2          80 KB     Application
----------------------------------------

Dear Google User,

You have been selected as a winner for using Google services. Find attached email with more
details.

Congratulations,

Larry Page
CEO of Google

©2015 Google  Incorporation ®

Of course, it isn't. But a PDF file was enclosed.

SHA1 aee4153e0b9f4fd0ab9a59957860fe410cff5dc6
SHA256 e4014fc00c263f1a821964ecb66d9b269876b92b7008e884fd4f2cc2ef788256 
 
I sent it off to Jotti, Metascan and VirusTotal, and they all reported that it's clean. VirusTotal told me that it was first reported on October 18, 2015, six weeks ago.

Given that Larry Page isn't one of my usual correspondents, it's obviously something bad. Maybe it's a scam, not malware? I don't have a virus lab, so I'm not going to load it to find out.

This also arrived:
 

From: orders@kidd-uk.com
Subject: Sales Invoice OP/I599241 For ANDSTRAT (NO.355) LTD
Parts/Attachments:
   1 Shown      6 lines  Text
   2          132 KB     Application
----------------------------------------

 Please see enclosed Sales Invoice for your attention.

 Regards from Accounts at James F Kidd
 ( email: accounts@kidd-uk.com )

Also a PDF file, according to the extension, but actually it's a DOC file!

Jotti: One product (Kaspersky) out of 20 flagged it.
Metascan: Two products (Kaspersky and ThreatTrack) out of 43 flagged it.
VirusTotal:  6 out of 54 flagged it.
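
The extension mismatch noted above (a file named .pdf that is really a DOC) can be checked without opening the attachment, by comparing the file name against the leading bytes of the content. The following is an added example, not part of the original post; the sample message, its file names and its attachment bytes are constructed for illustration.

```python
import hashlib
from email import message_from_bytes
from email.message import EmailMessage
from pathlib import PurePosixPath

# Container formats identified by their leading bytes.
MAGIC = [
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy .doc/.xls/.ppt
    (b"PK\x03\x04", "zip"),                          # .docx/.xlsx and plain zip
    (b"{\\rtf", "rtf"),
    (b"MZ", "pe"),                                   # Windows executable
]
# What each file extension claims the content is.
EXT_KIND = {".pdf": "pdf", ".doc": "ole2", ".xls": "ole2", ".ppt": "ole2",
            ".docx": "zip", ".xlsx": "zip", ".zip": "zip", ".rtf": "rtf",
            ".exe": "pe"}

def sniff(data: bytes) -> str:
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    # Acrobat has accepted the PDF header anywhere in the first 1024 bytes.
    return "pdf" if b"%PDF-" in data[:1024] else "unknown"

def audit_attachments(raw: bytes) -> list:
    """Return name, claimed vs. sniffed type and hashes for each attachment."""
    findings = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if not name:
            continue  # body text or multipart container
        data = part.get_payload(decode=True) or b""
        claimed = EXT_KIND.get(PurePosixPath(name.lower()).suffix, "unknown")
        kind = sniff(data)
        findings.append({"name": name, "claimed": claimed, "kind": kind,
                         "mismatch": claimed != kind,
                         "sha1": hashlib.sha1(data).hexdigest(),
                         "sha256": hashlib.sha256(data).hexdigest()})
    return findings

def build_sample() -> bytes:
    """Constructed message: one real PDF header, one OLE2 file named .pdf."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("Please see enclosed.")
    for fname, body in (("letter.pdf", b"%PDF-1.4\n%constructed\n"),
                        ("invoice.pdf", MAGIC[0][0] + b"\x00" * 64)):
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

A mismatch is a reason to treat the attachment as suspicious regardless of what the scanners say; a match proves nothing about whether the file is safe.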
