Spam/Phishing via PDF

AggieMike88

AggieMike88

Touchdown! Greaser!
Joined
Jan 13, 2010
Messages
20,805
Location
Denton, TX
Display Name
Display name:
The original "I don't know it all" of aviation.
I've been seeing an increase of phishing emails that are using PDF's as the payload delivery system.

Of course they get deleted. But I'm curious how that method works.

An example email:

upload_2016-3-12_18-15-59.png
 
I could write an interesting folk song (or is it filk?) just using the subject lines.

Sorta like this Homer and Jethro song about a billboard after a storm.

 
Is this where you fill out a pdf and send it back with personal info? Or the exe is disguised as a pdf?
 
Open it in a sandbox VM with no connection to the Internet and maybe wireshark to see what it's trying to do
 
AggieMike88 said:
That's what I'm trying to find out.
Click to expand...
Why doncha click on the "pdf"? :D

sferguson524 said:
Open it in a sandbox VM with no connection to the Internet and maybe wireshark to see what it's trying to do
Click to expand...
That.
Please do post back with results, I am curious what they are trying to pull.
Well, of course we know what they're trying to pull but I am curious how stupid they think we are.
I also got an email recently that my Yahoo account will be suspended if I do not log in and resolve some spamming issue. I moused-over the link and it pointed to Serbia. Yeah, good luck! :D
 
BigBadLou said:
Why doncha click on the "pdf"? :D


That.
Please do post back with results, I am curious what they are trying to pull.
Well, of course we know what they're trying to pull but I am curious how stupid they think we are.
I also got an email recently that my Yahoo account will be suspended if I do not log in and resolve some spamming issue. I moused-over the link and it pointed to Serbia. Yeah, good luck! :D
Click to expand...

Not everyone is that savvy. In fact, I suspect fewer than five percent of users understand anything that's been mentioned in this thread other than maybe vaguely understanding what a PDF file is.

I can tell you that the percentage of mails my servers handle that are detected as containing malware (as opposed to your more ordinary peniphernalia-type spam) has tripled in the past two years. Overall spam, on the other hand, has dropped by about one-third in that time.

I'd been debating whether to strike a deal with a good antivirus company to provide free antivirus software to all my clients for their desktops and laptops. But my lawyer told me that doing so might actually increase my liability. My providing the software, he says, would represent an implicit endorsement; so if it misses something, it opens me up to liability if the client asserts that whatever they were using before would have caught the malware. Apparently it's one of those "no good deed goes unpunished" sorts of things.

Rich
 
I suspect heavily that it is not a PDF. It is probably an executable renamed as a PDF. When it runs, it will probably even be smart enough to launch Adobe Reader in the foreground with a fairly innocuous document in it.
 
You must log in or register to reply here.
Back
Top