Re: [Mimedefang] arj file extension
On 8/9/2017 9:39 AM, Joseph Brennan wrote:
> New one to me-- a phish came in with a .arj attachment. Pretty old format. We're going to block it, since I doubt anyone uses it this side of the 90s.

Holy time-machine, Batman. Perhaps they are trying to infect some legacy system and it's a targeted attack? Does 7-zip or something handle it and it has some obscure auto-execution concept? Wow!

KAM

___
NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] arj file extension
On Wed, Aug 9, 2017 at 11:36 AM, Kris Deugau wrote:
> Joseph Brennan wrote:
>> New one to me-- a phish came in with a .arj attachment. Pretty old format. We're going to block it, since I doubt anyone uses it this side of the 90s.
>
> If you've still got the spample, check the content of that file. It's probably a RAR archive.

Ha ha. It turns out to be a typo by the sender! This one was "Remittance_382922_pdf.arj". Someone else this morning got "Remittance_382922_PDF.jar" inside "Remittance_382922_pdf.zip", which has to be the same spam. I base64-decoded the spample attachment, but neither unzip nor jar tf can open it, so I wonder what else the spammer did wrong.

I'm done with this one. Next!

--
Joseph Brennan
Lead, Email and Systems Applications
Re: [Mimedefang] arj file extension
Joseph Brennan wrote:
> New one to me-- a phish came in with a .arj attachment. Pretty old format. We're going to block it, since I doubt anyone uses it this side of the 90s.

If you've still got the spample, check the content of that file. It's probably a RAR archive. I've seen RAR files with all kinds of mismatched extensions.

-kgd
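
The suggestion in the thread to check an attachment's content rather than trust its extension, as an added example that is not part of the original messages: a Python triage helper that base64-decodes a MIME part and compares its leading magic bytes with the container type its extension implies. The function names `sniff` and `triage` are assumptions, and the sample payloads are constructed for illustration; they are not the attachments discussed above.

```python
import base64
import os

# Leading magic bytes for the archive types mentioned in the thread, plus 7z.
MAGIC = [
    (b"Rar!\x1a\x07", "rar"),        # RAR 4.x and 5.x share this prefix
    (b"\x60\xea", "arj"),            # only two bytes, so treat a hit as a hint
    (b"PK\x03\x04", "zip"),          # ZIP local file header; .jar is a ZIP too
    (b"PK\x05\x06", "zip"),          # empty ZIP: end-of-central-directory only
    (b"7z\xbc\xaf\x27\x1c", "7z"),
]

# Extensions mapped to the container type they imply.
EXT_TYPE = {".arj": "arj", ".rar": "rar", ".zip": "zip", ".jar": "zip", ".7z": "7z"}


def sniff(data: bytes) -> str:
    """Return the archive type indicated by the leading bytes, or 'unknown'."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def triage(filename: str, b64_body: str) -> dict:
    """Decode a base64 MIME part and compare its content type to its extension."""
    data = base64.b64decode(b64_body)
    claimed = EXT_TYPE.get(os.path.splitext(filename.lower())[1], "unknown")
    actual = sniff(data)
    result = {"claimed": claimed, "actual": actual, "mismatch": claimed != actual}
    if actual == "zip":
        # unzip and `jar tf` locate entries through the end-of-central-directory
        # record (22 bytes plus up to 65535 bytes of comment) at the file's end.
        result["zip_has_eocd"] = b"PK\x05\x06" in data[-65557:]
    return result


# Constructed samples (not the attachments from the thread).
SAMPLES = {
    "Remittance_382922_pdf.arj": base64.b64encode(b"Rar!\x1a\x07\x00" + b"\x00" * 16).decode(),
    "Remittance_382922_PDF.jar": base64.b64encode(b"PK\x03\x04" + b"\x00" * 26).decode(),
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, triage(name, body))
```

A `zip_has_eocd` value of `False` on a part that starts with a ZIP header points to a truncated or malformed archive, which is one reason standard tools refuse to list it.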