Kitz Forum

Internet => Web Browsing & Email => Topic started by: renluop on February 25, 2015, 08:23:09 AM

Title: Strange goings-on with email attachments!
Post by: renluop on February 25, 2015, 08:23:09 AM
What follows is what I posted on another forum, but I thought maybe the thoughts of some here could be worthwhile. A virus scan was clear.


Quote
One email attachment in English, the other in an Asian script!
My wife and I receive separate emails concerning forthcoming events from a local society. The attachment in hers was in English mine in some Asian language.

All the full headers (message ID &c) and time sent were identical, but when I checked the properties very late last evening I was sure the file sizes differed considerably. This morning I detached both from their parent emails.What followed was even odder, that both are in the foreign script. I feel I am going doolally-tap, sp what could be going on?
Title: Re: Strange goings-on with email attachments!
Post by: tickmike on February 25, 2015, 12:20:38 PM
Delete them . :o

The 'local society' has been hacked and all there email address's have been used for spam  :(



Title: Re: Strange goings-on with email attachments!
Post by: sevenlayermuddle on February 25, 2015, 12:30:09 PM
Delete them . :o

The 'local society' has been hacked and all there email address's have been used for spam  :(

I would agree.

But I am a tiny tad concerned...

Quote
The attachment in hers was in English mine in some Asian language.
have either of these (presumably) malicious attachments already been opened?   

If not, then don't.   If so, be on the look out for any oddities, virus scans are by no means totally reliable.
Title: Re: Strange goings-on with email attachments!
Post by: renluop on February 25, 2015, 02:47:26 PM
Yep, first saved my attachment whilst still attached and opened it, then detached and opened both this morning. One other thing, last night I read mine in my browser, whilst she in her IPod.
I shall do a Malwarebytes scan, though with the full version it should have been picked up. Any other scans you can think of? Then maybe on to somewhere like Bleeping Computer.

On basis of tickmike's suggestion, am I correct that all the other members' emails and attachments will have been infected? Would transmission of attachments as PDF' s be safer than Word?
Title: Re: Strange goings-on with email attachments!
Post by: sevenlayermuddle on February 25, 2015, 04:05:29 PM
My view is that the spammers must have some motive.   If there was an obvious commercial motive from the text in the attachment, such as inviting you to visit some web site, or buy something, then there may be no need to worry.  No reason to assume it is any more malicious than that.

I was really just making the point that virus scanners are only really good at detecting viruses once they have been documented.    A brand new virus can circulate for a few days before the AV updates catch up.  There's not a great deal you can do, other than worry, and worrying is never productive.    If it were me then I'd be tempted to run a few different scanners, just for comparison, otherwise just put the back of your mind but be wary of any odd behaviour.

I don't think .pdf attachments are intrinsically any safer than word attachments.    My own golden rule is simply to never open an attachment of any type, unless it is something I am reasonably expecting to receive, no matter who appears to have sent it, and no matter who else is receiving it.
Title: Re: Strange goings-on with email attachments!
Post by: kitz on February 26, 2015, 12:23:59 AM
Its also worth contacting the local society to see if they sent them out intentionally and if anyone else had reported problems.

I find it strange that your wife was able to view it in English, but it appears to have only converted into Asian type script when transferred on your PC.   It's possible that it contained a bad script to run only on a specific o/s.. 

however if what your wife viewed was valid info about forthcoming events, its hardly likely that someone would take the specific time to program a society specific virus... leading to the possibility that a PC at the society is infected by a worm deliberately targeting MSWord.  It can do this by the use of macros, but most decent AV's will usually inform of any type of macro before opening attachments.  I'm pretty certain that iOS doesnt understand MS macros and therefore cant run or display them.

Title: Re: Strange goings-on with email attachments!
Post by: renluop on February 26, 2015, 10:40:58 AM
Message was definitely genuine, as we get many from the society and both persons involved in the message and attachment are known to us as secretary and trips organiser. What, of course, I do not know is their personal computers' status, if sometime they were used in sourcing the attachment.

Well, I found a Windows app called Polyglot 3000 and put the script in, and up came the English version with what I would expect to see. now where's Alice to say, "curiouser and curiouser"?
Title: Re: Strange goings-on with email attachments!
Post by: renluop on February 26, 2015, 12:49:35 PM
BTW they use yahoo.co.uk as email client , and and earlier problems with yahoo at start 2014 do have me wondering....
Title: Re: Strange goings-on with email attachments!
Post by: Ronski on February 26, 2015, 01:14:40 PM
I wonder if this is simply some sort of encoding or font error. There's a similar thing here (https://forum.openoffice.org/en/forum/viewtopic.php?f=7&t=12167).
Title: Re: Strange goings-on with email attachments!
Post by: renluop on February 27, 2015, 11:22:47 AM
Ronski, thanks for the link. very interesting.

I received another email this morning. This time it was from the person, who would have passed the first word file to the society for attachment to initial email. This morning's email also bore an Word attachment, entirely different in nature, but it also, when saved, had the foreign script on opening. Polyglot 3000 revealed the English text. In both cases the foreign text appeared identical.

I have attached a PDF that shows in order
The foreign text
Extract of first attachment in email originated by the society, as revealed by Polyglot
Extract of second attachment in email originated person's personal email address.

This morning I asked a friend to make a Word file and send it me in an email. It opened perfectly.

Am I right that the problem lies remotely from my system, and most likely is with "the person, who would have passed the first word file to the society for attachment to initial email", as mentioned above?
Title: Re: Strange goings-on with email attachments!
Post by: renluop on March 03, 2015, 06:52:11 PM
Solved following IT boffin son-i-l, who wrote me, "This can happen when the required font is missing and a substitute font is used by word but it picks an odd one it's unclear from your picture whether it is just a foreign font actually a foreign language! If you just change the font to something normal".

The sender was using a non standard font, and as he suggested my computer was using a random one instead.
Just in case the society uses that font again, I've now installed it.

Thanks all and i hope this info may be helpful to someone in the future,
Title: Re: Strange goings-on with email attachments!
Post by: Ronski on March 03, 2015, 10:11:03 PM
Thanks for letting us know, so my guess was correct.
Title: Re: Strange goings-on with email attachments!
Post by: kitz on March 04, 2015, 12:02:30 PM
Glad that you found out what it was :)