Re: [Mimedefang] arj file extension

2017-08-09 Thread Kevin A. McGrail

On 8/9/2017 9:39 AM, Joseph Brennan wrote:

> New one to me-- a phish came in with a .arj attachment. Pretty old
> format. We're going to block it, since I doubt anyone uses it this
> side of the 90s.



Holy time-machine, Batman.  Perhaps they are trying to infect some 
legacy system and it's a targeted attack?


Does 7-zip or something handle it and it has some obscure auto-execution 
concept?


Wow!
KAM
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


Re: [Mimedefang] arj file extension

2017-08-09 Thread Joseph Brennan
On Wed, Aug 9, 2017 at 11:36 AM, Kris Deugau wrote:
> Joseph Brennan wrote:
>>
>> New one to me-- a phish came in with a .arj attachment. Pretty old
>> format. We're going to block it, since I doubt anyone uses it this
>> side of the 90s.
>
>
> If you've still got the spample, check the content of that file.  It's
> probably a RAR archive.


Ha ha. It turns out to be a typo by the sender!

This one was "Remittance_382922_pdf.arj". Someone else this morning
got "Remittance_382922_PDF.jar" inside "Remittance_382922_pdf.zip",
which has to be the same spam.

I base64-decoded the spample attachment, but neither unzip nor jar tf
can open it, so I wonder what else the spammer did wrong. I'm done
with this one. Next!


-- 
Joseph Brennan
Lead, Email and Systems Applications



Re: [Mimedefang] arj file extension

2017-08-09 Thread Kris Deugau

Joseph Brennan wrote:

> New one to me-- a phish came in with a .arj attachment. Pretty old
> format. We're going to block it, since I doubt anyone uses it this
> side of the 90s.


If you've still got the spample, check the content of that file.  It's 
probably a RAR archive.


I've seen RAR files with all kinds of mismatched extensions.

-kgd
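
The check suggested in this thread (look at the attachment's content rather than its extension) can be scripted as below. This is an added example, not code from any poster or from MIMEDefang. The function names are hypothetical and the sample bytes are constructed headers, not the actual attachment.

```python
import base64
import os

# Leading-byte signatures for the archive formats named in this thread.
MAGIC = [
    (b"PK\x03\x04", "zip"),        # ZIP local file header; JAR files are ZIP
    (b"PK\x05\x06", "zip"),        # empty ZIP (end-of-central-directory only)
    (b"Rar!\x1a\x07", "rar"),      # RAR 4.x and 5.x share this prefix
    (b"\x60\xea", "arj"),          # ARJ header id
    (b"7z\xbc\xaf\x27\x1c", "7z"),
]
# Extensions that are the same container under another name.
EXT_FORMAT = {"zip": "zip", "jar": "zip", "rar": "rar", "arj": "arj", "7z": "7z"}

def sniff(data):
    """Return the archive format implied by the leading bytes, or None."""
    for magic, fmt in MAGIC:
        if data.startswith(magic):
            return fmt
    return None

def triage(filename, b64_body):
    """Decode a base64 MIME body and compare its content with its extension."""
    data = base64.b64decode(b64_body)
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    claimed = EXT_FORMAT.get(ext)
    actual = sniff(data)
    if actual is None:
        verdict = "unrecognized"   # no known archive header at offset 0
    elif actual == claimed:
        verdict = "match"
    else:
        verdict = "mismatch"
    return {"claimed": claimed, "actual": actual, "verdict": verdict}

if __name__ == "__main__":
    # Constructed samples: header bytes only, not real attachments.
    samples = [
        ("Remittance_382922_pdf.arj", b"Rar!\x1a\x07\x00" + b"\x00" * 8),
        ("Remittance_382922_PDF.jar", b"PK\x03\x04" + b"\x00" * 8),
        ("Remittance_382922_pdf.arj", b"\x00\x01garbage"),
    ]
    for name, raw in samples:
        print(name, triage(name, base64.b64encode(raw)))
```

An "unrecognized" verdict corresponds to the case where neither unzip nor jar tf can open the decoded file: no known archive header sits at offset 0.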