Creativity and Cracking

I got an interesting email today. Its contents are below (the links weren’t suspicious, but have been removed):

Please open the attached document. It was scanned and sent to you using a Xerox WorkCentre Pro.

Sent by: the-espositos.net
Number of Images: 1
Attachment File Type: ZIP [PDF]

WorkCentre Pro Location: Machine location not set
Device Name: B5SQ1CXA7J

Attached file is scanned image in PDF format.
Adobe(R)Reader(R) can be downloaded from the following URL: http://www.adobe.com/

It had a ZIP file attached. Looks pretty legit, right? Except, I don’t own a Xerox anything. Now the company I work for may, but anyone sending me documents from work wouldn’t appear to be coming from my personal domain. But being who I am, I had to open it to see what was inside.

Taking precautions, I saved the attachment and scanned it. No viruses. Disappointing. Maybe it’s sophisticated enough that there isn’t a signature for it yet? So, I used a “non-standard” method of unzipping it, which would not execute any binary code within. I was really expecting a sophisticated attack vector. I thought I’d actually get a PDF file that I’d be tricked into opening with the latest version of Adobe that I was just instructed to download. So, I’d open the PDF, with new software I trusted, downloaded from a verified source, and still be subject to an exploited flaw that would compromise my system. What a zero-day attack that would have been!

I was planning how to identify the flaw and counter its effects (I will admit I was pretty clueless here, getting ready to allow my VM to succumb to the attack while another VM snooped and recorded all the outbound Ethernet traffic), when I looked and saw a lone .exe file sitting all alone and vulnerable in the directory. Scanning it produced nothing either. So it was just a lame Windows Trojan .exe.
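The “non-standard” unzip above comes down to reading the archive’s directory and bytes without ever writing an executable to disk or double-clicking anything. Here is an added example (not code from the original post) of that kind of triage in Python: it decompresses each entry into memory only, hashes it, and flags the things a genuine scanner archive would never contain: executable extensions, double extensions like `.pdf.exe`, a PE (`MZ`) header hiding behind a harmless-looking name, a `.pdf` that does not start with `%PDF`, and entry names that would escape the extraction directory. The two sample archives are constructed inline (the “bad” one mimics the post’s lone `.exe` with a fake `MZ` stub, not a real program) so the script runs offline.

```python
import hashlib
import io
import zipfile

# Extensions that will run if double-clicked on Windows. A genuine "scanned image"
# archive should only ever contain image or PDF entries, never any of these.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".hta", ".jar", ".msi", ".lnk"}


def _exts(name: str) -> list:
    """All dotted suffixes of a file name, lowercased: 'a.pdf.exe' -> ['.pdf', '.exe']."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.lower().split(".")
    return ["." + p for p in parts[1:]] if len(parts) > 1 else []


def triage_zip(data: bytes) -> dict:
    """Inspect a ZIP attachment without extracting anything to disk.

    Entries are decompressed into memory only so their bytes can be hashed and
    sniffed; nothing is written out or executed. Returns per-entry records plus
    a list of findings; an empty findings list means nothing obviously wrong.
    """
    entries, findings = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            payload = zf.read(info)            # in-memory only, never written out
            exts = _exts(name)
            is_pe = payload.startswith(b"MZ")  # DOS/PE executable header
            entries.append({
                "name": name,
                "size": info.file_size,
                "sha256": hashlib.sha256(payload).hexdigest(),
                "pe": is_pe,
            })
            parts = name.replace("\\", "/").split("/")
            if name.startswith(("/", "\\")) or ".." in parts:
                findings.append(f"{name}: unsafe path (would escape the extraction dir)")
            if exts and exts[-1] in EXECUTABLE_EXTS:
                findings.append(f"{name}: executable extension {exts[-1]}")
            if len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS:
                findings.append(f"{name}: double extension disguises executable as {exts[-2]}")
            if is_pe and (not exts or exts[-1] not in EXECUTABLE_EXTS):
                findings.append(f"{name}: PE header behind a non-executable extension")
            if exts and exts[-1] == ".pdf" and not payload.startswith(b"%PDF"):
                findings.append(f"{name}: .pdf extension but no %PDF magic")
    return {"entries": entries, "findings": findings, "suspicious": bool(findings)}


def build_sample_zips() -> tuple:
    """Constructed samples: a lookalike of the post's attachment (a lone PE named
    like a scanned PDF) and a benign archive that really holds a PDF."""
    bad = io.BytesIO()
    with zipfile.ZipFile(bad, "w", zipfile.ZIP_DEFLATED) as zf:
        # fake PE stub: just the MZ magic plus padding, not a runnable program
        zf.writestr("Scan_0001.pdf.exe", b"MZ" + b"\x90" * 64)
    good = io.BytesIO()
    with zipfile.ZipFile(good, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Scan_0001.pdf", b"%PDF-1.4\n% constructed minimal document\n")
    return bad.getvalue(), good.getvalue()


if __name__ == "__main__":
    for label, blob in zip(("bad", "good"), build_sample_zips()):
        report = triage_zip(blob)
        print(f"[{label}] suspicious={report['suspicious']}")
        for e in report["entries"]:
            print(f"  {e['name']}  {e['size']} bytes  sha256={e['sha256'][:16]}…  pe={e['pe']}")
        for f in report["findings"]:
            print(f"  ! {f}")
```

Run it against a real attachment by passing the file’s bytes to `triage_zip`; the SHA-256 per entry is what you would submit to a multi-engine scanner or a sandbox, and a non-empty findings list is the cue to stop and hand the file to a disposable VM rather than open it.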

I was hoping with the creative nature of the introduction to this threat, that we’d have something exciting and potentially dangerous. But sadly it was just a new dress on an old pig.

Remember, don’t open attachments in email if you don’t know what they are. If it was something important, someone you know would say, “Did you get the images I sent you the other day?” To which you can reply, “No, send them again. Um, were they safe for work?”

Virtual Machines deleted. A lot of work for nothing.
