not a day passes by that spammers/crackers/evil money addicted people try to infect your system with an word.doc attached to some mail from „police“ „government“ „paypal“ „facebook“ „google“ „apple“ or whatever.
here is the latest scam that:
as soon as you open the document with MS Office and enter the password i bet (did not test) you will get ransomware infection (all your files will be encrypted and you will have to pay bitcoins to cracker’s address to get the key and possible some of your files back (maybe not all))
… another reason to use linux and open office… (although this is also no 100% protection).
the attached files:
sha512sum: 59e0bc3309831ae9f4a15ad01e45217c2c8cb5d5458dfd10acf6d3582fbd42e5a6c09205d6cbb330d863ebc6c83279663b97a61c8bb2318625e6769f0042becc uscourtgov.com_scan_admin.doc
Return-path: <Dominick.Jones@uscourtsgov.com> Envelope-to: email@example.com Delivery-date: Wed, 09 May 2018 13:27:17 +0200 Received: from mail19.uscourtsgov.com ([126.96.36.199]) by dwaves.de with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <Dominick.Jones@uscourtsgov.com>) id 1fGNFd-0007Bm-DT for firstname.lastname@example.org; Wed, 09 May 2018 13:27:17 +0200 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default; d=uscourtsgov.com; h=Content-Type:Mime-Version:Subject:From:Date:Message-Id:To; i=Dominick.Jones@uscourtsgov.com; bh=t9DquuuXMx9swZjILrqjiEIdulI=; b=J9oMnAifNXacR8NLIuGDJGFzlZup+dsw3K/xGythY4gqev+DreKsHeMmeAPtXk/GeJrqDdAoNEnC Wf3NMxFBnKXbVGocHaoD255NzsphwsXZ2kwn1w/CBZWfYQMTBzX1XSuEH+289by6iCjsFxauEK9K mU9NNHo/FPgjllLjqt0= DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=default; d=uscourtsgov.com; b=DMgL1q5bb7jGWBCGMnCr7g8z40+WBtAM2fmKliQKMsJlG6SNfaUA0LOb/nmWVhB8qJGu2MNqLzbg pRdu+VMbzO4+NiYZb6iRJwy6uhfsTMRhDSKt65vrSjK7WpcrL5jQn4XBa7ZS5AvJlZ5YE4G5MhDC /ZInsqy+FRCHlUmOfx0=; Content-Type: multipart/mixed; boundary="Apple-Mail=_7A94787E87-891E-D23B-FE9B-E0AF862ED6E" Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\)) Subject: Case 137-28-ZGC From: "Dominick Jones" <Dominick.Jones@uscourtsgov.com> Date: Tue, 8 May 2018 13:29:03 -0700 Message-Id: <086B03B8-1ABA-4893-B5F9-5CEE4A4E6E52@uscourtsgov.com> To: email@example.com X-redirected: yes This is a multi-part message in MIME format --Apple-Mail=_7A94787E87-891E-D23B-FE9B-E0AF862ED6E Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit DS WUU (Rev YZ/ZA) Civil Action No. 3KC-UI-BXM You're commanded to show up at the time, particular date, and place to actually admit at a deposition to be taken in this specific civil procedure. Pass word to access the doc is 615145 Best regards, Jerry Mcfadden United States District Court --Apple-Mail=_7A94787E87-891E-D23B-FE9B-E0AF862ED6E Content-Type: application/msword; name="scan_admin.doc" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="scan_admin.doc" 0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAIQADAP7/CQAGAAAAAAAAAAAAAAABAAAAMAAAAAAAAAAA ... --Apple-Mail=_7A94787E87-891E-D23B-FE9B-E0AF862ED6E--
resume: how to get more security?
to rely on virus scanners or other firewall scanning appliances can be as sophisticated as they want – they all rely on known virus patterns.
it is possible since 10 years to pack / create „individual“ virusses that will bypass any virus detection system.
yes the world just got more complex – more work for admins = good or bad?
update your system / browser and UNINSTALL MICROSOFT OFFICE AND INSTALL LibreOffice / OpenOffice NOW!
after all meltdown and spectre meltdowns – what could lead to a more resilient it landscape is (just as in nature by the way): bio Diversity.
in computer terms: different kinds of prozessors / different kind of Operating Systems doing the important task. (e.g. intel and AMD CPUs of the last 20 years are known to be susceptible to meltdown and spectre but RISC-CPUs are not, like Freescale PowerPC RISC CPUs)
so if you want resilience in your it landscape: i guess you will have to run at least two servers doing the same task with completely different hard and software – and the task ought to be completed with two completely different programs with different concepts written in different languages.
sounds like a headache?
it surely is.
this is probably the most extreme kind of „error correction mechanism“ you can imagine.
but i bet it works.