On Wed, Aug 9, 2017 at 11:36 AM, Kris Deugau <kdeu...@vianet.ca> wrote:
> Joseph Brennan wrote:
>>
>> New one to me-- a phish came in with a .arj attachment. Pretty old
>> format. We're going to block it, since I doubt anyone uses it this
>> side of the 90s.
>
>
> If you've still got the spample, check the content of that file.  It's
> probably a RAR archive.


Ha ha. It turns out to be a typo by the sender!

This one was "Remittance_382922_pdf.arj". Someone else this morning
got "Remittance_382922_PDF.jar" inside "Remittance_382922_pdf.zip",
which has to be the same spam.

I base64-decoded the spample attachment, but neither unzip nor jar tf
can open it, so I wonder what else the spammer did wrong. I'm done
with this one. Next!


-- 
Joseph Brennan
Lead, Email and Systems Applications

_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

Reply via email to