Just received worrying looking email in my gmail account

+ User FidoNet address: 1:3634/12.71
On Wed, 22 Jan 2014, Hugo Ripanykhazov wrote to All:


 HR> How do I do this? I was a bit reluctant to open it? Forward it to
 HR> some email address there?

you download it and then visit the virustotal site to upload it... just do not
open it...

)\/(ark

Not only is the Universe stranger than we think, it is stranger than we can
think. - Werner Heisenberg
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ The FidoNet News Gate (Huntsville, AL - USA)        +
+ The views of this user are strictly his or her own. +
+ All data is scanned for malware by Avast! Antivirus +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++

---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com


Re: Just received worrying looking email in my gmail account

+ User FidoNet address: 1:3634/12.71
On Wed, 22 Jan 2014, Hugo Ripanykhazov wrote to All:


 HR> Is there any way I can check it please? I use Windows 8. Or should
 HR> I just open it in Linux on another computer?  [I have already
 HR> "inspected element" and again it seems to be a .pdf file]

it may be a pdf with embedded malware... there is software available to analyze
pdf files... malware researchers use software like this all the time... you
might consider sending the file to a researcher and seeing what they say about
it...

 HR> HERE IS THE TEXT:  (obviously I'm not going to copy the element!) It
 HR> is from an attorney though I haven't spoken to him for a few years
 HR> and don't want to now.  The origination gmail address looks a bit
 HR> like his real one.

yeah, if i had to guess, i'd say that one of their systems has been infested
and their contacts list harvested for use in phishing or simple malware
infesting... your connection with them had to have been discovered from
somewhere... that means your machine, their machine(s), or someone else who has
both of you in their contacts and knows that the two of you had business of
some kind between you...

if you really want to do this yourself, not recommended, you should hunt down
the various pdf analyzers and use them on the file... definitely do not open it
until you are absolutely positive that it is not infected or carrying any kind
of autostarting macro... opening it on a *nix box may still result in an
infestation if the thing carries code to determine the OS and branch for the
proper tools and binaries for the detected OS...

)\/(ark

Not only is the Universe stranger than we think, it is stranger than we can
think. - Werner Heisenberg


Re: Just received worrying looking email in my gmail account

+ User FidoNet address: 1:3634/12.71
On Fri, 24 Jan 2014, FromTheRafters wrote to All:


 F> After serious thinking mark lewis wrote :

 F> [...]

 F> PDFStreamDumper.exe will decompress (inflate with zlib) all
 F> compressed and/or encoded streams, but is a Windows 32 bit
 F> program. If you like command line type programs, Didier Stevens'
 F> PDF-Parser.py can be used on any system with Python version 2
 F> installed. Both are free programs.

yes! those are two that i was thinking of... i just didn't try to look up
anything ;)

 F> That being said, I'm almost 100% sure it is not *really* a PDF.  

i'm pretty sure of that as well :)

)\/(ark

Not only is the Universe stranger than we think, it is stranger than we can
think. - Werner Heisenberg
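Added example (not part of the original thread, and not code from PDFStreamDumper or pdf-parser.py): static triage in Python 3 that reads an attachment's bytes without opening it in a viewer, checks whether it really starts as a PDF, inflates zlib streams, and counts action-related PDF names. The function names, the keyword list and the sample bytes are assumptions constructed for this example.

```python
import re
import zlib

# Leading bytes of file types often hidden behind a ".pdf" name.
MAGIC = {b"%PDF-": "pdf", b"MZ": "windows-executable", b"PK\x03\x04": "zip-archive"}
# PDF names that can trigger actions or carry payloads; hits call for deeper analysis.
# Names obfuscated with #xx hex escapes are not decoded here.
RISKY = [b"/OpenAction", b"/AA", b"/JavaScript", b"/JS", b"/Launch", b"/EmbeddedFile"]
STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)

def sniff_type(data):
    """Classify by content, never by file name or extension."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    # PDF readers tolerate junk before the header, so check the first 1 KiB too.
    return "pdf" if b"%PDF-" in data[:1024] else "unknown"

def stream_bodies(data):
    """Yield each stream body, zlib-inflated when possible, otherwise raw."""
    for m in STREAM.finditer(data):
        try:
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            yield m.group(1)

def triage(data):
    """Count risky names in the object skeleton and inside every stream body."""
    kind = sniff_type(data)
    hits = {}
    if kind == "pdf":
        blobs = [STREAM.sub(b"", data), *stream_bodies(data)]
        for blob in blobs:
            for name in RISKY:
                n = len(re.findall(re.escape(name) + rb"(?![A-Za-z])", blob))
                if n:
                    hits[name.decode()] = hits.get(name.decode(), 0) + n
    return {"type": kind, "hits": hits}

# Constructed sample: a minimal PDF-like byte string with one Flate stream.
_body = zlib.compress(b"<< /S /JavaScript /JS (constructed placeholder) >>")
SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj\n<< /OpenAction 2 0 R >>\nendobj\n"
              b"2 0 obj\n<< /Filter /FlateDecode >>\nstream\n" + _body +
              b"\nendstream\nendobj\n%%EOF\n")
SAMPLE_EXE = b"MZ\x90\x00" + b"\x00" * 60  # constructed: header bytes only, no code

if __name__ == "__main__":
    print(triage(SAMPLE_PDF))
    print(triage(SAMPLE_EXE))
```

A file that reports a type other than "pdf", or a PDF with hits, is one to leave unopened and hand to the dedicated analyzers named in the thread.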

