Wonder why it is difficult to email a new exe to a customer? I put it in a zip file.

On Thu, Feb 11, 2016 at 7:21 AM, Peter Cushing <[email protected]> wrote:

> On 10/02/2016 17:42, Ted Roche wrote:
>
>> <snip>
>>
>> Do you understand the mechanism within the DOCX files that's
>> delivering the payload?
>
> No, but don't think it would help me anyway. We just need a reliable way
> of determining if the Word (or Excel) file is infected. When they don't
> show up on xx virus scanners on VirusTotal what can you do?
>
>> I wonder if opening the DOCX files in a different reader, like
>> OpenOffice might disarm the payload. Be careful: you're playing with
>> fire, here. Supposedly, you can completely disable macros with:
>>
>> https://support.office.com/en-us/article/Enable-or-disable-macros-in-Office-documents-7b4fdd2e-174f-47e2-9611-9efe4f860b12
>
> Our users sometimes get spreadsheets with macros from customers so
> occasionally need to use this feature. The article also shows that you can
> disable the feature but for trusted documents put them in a trusted
> location to run the macro. Will have to check if this is viable.
>
> We have just wiped the machine that did the damage but still could not
> detect anything on it. You just could not trust the machine as it was.
>
> Turns out we were hit by CryptoWall 4, but still don't know how it got
> onto the machine. It might have been an email attachment but we can't find
> anything suspicious in his email archive.
>
> Peter
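
As an added example (not part of the original thread or written by its participants), here is one triage check related to the macro discussion in the quoted message: it reports whether an Office Open XML file (DOCX/XLSX family) carries a VBA project, based on the container contents rather than the file extension. The function names `macro_triage` and `build_sample` are hypothetical, and the sample files are constructed in memory.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE compound file (legacy .doc/.xls)
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"


def macro_triage(data: bytes) -> str:
    """Return 'ooxml-macros', 'ooxml-no-macros', 'legacy-ole' or 'not-office'."""
    if data.startswith(OLE_MAGIC):
        # Binary format: macros live in OLE streams, so an OLE parser is needed.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return "not-office"  # a zip, but not an OOXML package
        # Look at the parts themselves; a sender controls the file extension.
        has_vba_part = any(n.lower().endswith("vbaproject.bin") for n in names)
        declares_vba = VBA_CONTENT_TYPE in zf.read("[Content_Types].xml")
    return "ooxml-macros" if has_vba_part or declares_vba else "ooxml-no-macros"


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal zip laid out like a Word package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        types = b'<Types><Default Extension="xml" ContentType="application/xml"/>'
        if with_macro:
            types += (b'<Override PartName="/word/vbaProject.bin" '
                      b'ContentType="application/vnd.ms-office.vbaProject"/>')
            zf.writestr("word/vbaProject.bin", b"constructed placeholder, not VBA")
        zf.writestr("[Content_Types].xml", types + b"</Types>")
        zf.writestr("word/document.xml", b"<document/>")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [("plain", build_sample(False)), ("macro", build_sample(True)),
               ("legacy", OLE_MAGIC + b"\x00" * 16), ("text", b"hello")]
    for label, blob in samples:
        print(label, "->", macro_triage(blob))
```

The result only says whether macro content is present; it does not decide whether a file is infected, and the thread does not establish that a macro was the delivery mechanism.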

