Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: Strange goings-on with email attachments!  (Read 7904 times)

renluop

  • Kitizen
  • ****
  • Posts: 3326
Strange goings-on with email attachments!
« on: February 25, 2015, 08:23:09 AM »

What follows is what I posted on another forum, but I thought maybe the thoughts of some here could be worthwhile. A virus scan was clear.


Quote
One email attachment in English, the other in an Asian script!
My wife and I receive separate emails concerning forthcoming events from a local society. The attachment in hers was in English mine in some Asian language.

All the full headers (message ID &c) and time sent were identical, but when I checked the properties very late last evening I was sure the file sizes differed considerably. This morning I detached both from their parent emails.What followed was even odder, that both are in the foreign script. I feel I am going doolally-tap, sp what could be going on?
Logged

tickmike

  • Kitizen
  • ****
  • Posts: 3640
  • Yes Another Penguin !. :)
Re: Strange goings-on with email attachments!
« Reply #1 on: February 25, 2015, 12:20:38 PM »

Delete them . :o

The 'local society' has been hacked and all there email address's have been used for spam  :(



Logged
I have a set of 6 fixed IP's From  Eclipse  isp.BT ADSL2(G992.3) line>HG612 as a Modem, Bridge, WAN Not Bound to LAN1 or 2 + Also have FTTP (G.984) No One isp Fixed IP >Dual WAN pfSense (Hardware Firewall and routing).> Two WAN's, Ethernet LAN, DMZ LAN, Zyxel GS1100-24 Switch.

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: Strange goings-on with email attachments!
« Reply #2 on: February 25, 2015, 12:30:09 PM »

Delete them . :o

The 'local society' has been hacked and all there email address's have been used for spam  :(

I would agree.

But I am a tiny tad concerned...

Quote
The attachment in hers was in English mine in some Asian language.
have either of these (presumably) malicious attachments already been opened?   

If not, then don't.   If so, be on the look out for any oddities, virus scans are by no means totally reliable.
Logged

renluop

  • Kitizen
  • ****
  • Posts: 3326
Re: Strange goings-on with email attachments!
« Reply #3 on: February 25, 2015, 02:47:26 PM »

Yep, first saved my attachment whilst still attached and opened it, then detached and opened both this morning. One other thing, last night I read mine in my browser, whilst she in her IPod.
I shall do a Malwarebytes scan, though with the full version it should have been picked up. Any other scans you can think of? Then maybe on to somewhere like Bleeping Computer.

On basis of tickmike's suggestion, am I correct that all the other members' emails and attachments will have been infected? Would transmission of attachments as PDF' s be safer than Word?
Logged

sevenlayermuddle

  • Helpful
  • Addicted Kitizen
  • *
  • Posts: 5369
Re: Strange goings-on with email attachments!
« Reply #4 on: February 25, 2015, 04:05:29 PM »

My view is that the spammers must have some motive.   If there was an obvious commercial motive from the text in the attachment, such as inviting you to visit some web site, or buy something, then there may be no need to worry.  No reason to assume it is any more malicious than that.

I was really just making the point that virus scanners are only really good at detecting viruses once they have been documented.    A brand new virus can circulate for a few days before the AV updates catch up.  There's not a great deal you can do, other than worry, and worrying is never productive.    If it were me then I'd be tempted to run a few different scanners, just for comparison, otherwise just put the back of your mind but be wary of any odd behaviour.

I don't think .pdf attachments are intrinsically any safer than word attachments.    My own golden rule is simply to never open an attachment of any type, unless it is something I am reasonably expecting to receive, no matter who appears to have sent it, and no matter who else is receiving it.
Logged

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33879
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Strange goings-on with email attachments!
« Reply #5 on: February 26, 2015, 12:23:59 AM »

Its also worth contacting the local society to see if they sent them out intentionally and if anyone else had reported problems.

I find it strange that your wife was able to view it in English, but it appears to have only converted into Asian type script when transferred on your PC.   It's possible that it contained a bad script to run only on a specific o/s.. 

however if what your wife viewed was valid info about forthcoming events, its hardly likely that someone would take the specific time to program a society specific virus... leading to the possibility that a PC at the society is infected by a worm deliberately targeting MSWord.  It can do this by the use of macros, but most decent AV's will usually inform of any type of macro before opening attachments.  I'm pretty certain that iOS doesnt understand MS macros and therefore cant run or display them.

Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

renluop

  • Kitizen
  • ****
  • Posts: 3326
Re: Strange goings-on with email attachments!
« Reply #6 on: February 26, 2015, 10:40:58 AM »

Message was definitely genuine, as we get many from the society and both persons involved in the message and attachment are known to us as secretary and trips organiser. What, of course, I do not know is their personal computers' status, if sometime they were used in sourcing the attachment.

Well, I found a Windows app called Polyglot 3000 and put the script in, and up came the English version with what I would expect to see. now where's Alice to say, "curiouser and curiouser"?
Logged

renluop

  • Kitizen
  • ****
  • Posts: 3326
Re: Strange goings-on with email attachments!
« Reply #7 on: February 26, 2015, 12:49:35 PM »

BTW they use yahoo.co.uk as email client , and and earlier problems with yahoo at start 2014 do have me wondering....
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4300
Re: Strange goings-on with email attachments!
« Reply #8 on: February 26, 2015, 01:14:40 PM »

I wonder if this is simply some sort of encoding or font error. There's a similar thing here.
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

renluop

  • Kitizen
  • ****
  • Posts: 3326
Re: Strange goings-on with email attachments!
« Reply #9 on: February 27, 2015, 11:22:47 AM »

Ronski, thanks for the link. very interesting.

I received another email this morning. This time it was from the person, who would have passed the first word file to the society for attachment to initial email. This morning's email also bore an Word attachment, entirely different in nature, but it also, when saved, had the foreign script on opening. Polyglot 3000 revealed the English text. In both cases the foreign text appeared identical.

I have attached a PDF that shows in order
The foreign text
Extract of first attachment in email originated by the society, as revealed by Polyglot
Extract of second attachment in email originated person's personal email address.

This morning I asked a friend to make a Word file and send it me in an email. It opened perfectly.

Am I right that the problem lies remotely from my system, and most likely is with "the person, who would have passed the first word file to the society for attachment to initial email", as mentioned above?
Logged

renluop

  • Kitizen
  • ****
  • Posts: 3326
Re: Strange goings-on with email attachments!
« Reply #10 on: March 03, 2015, 06:52:11 PM »

Solved following IT boffin son-i-l, who wrote me, "This can happen when the required font is missing and a substitute font is used by word but it picks an odd one it's unclear from your picture whether it is just a foreign font actually a foreign language! If you just change the font to something normal".

The sender was using a non standard font, and as he suggested my computer was using a random one instead.
Just in case the society uses that font again, I've now installed it.

Thanks all and i hope this info may be helpful to someone in the future,
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 4300
Re: Strange goings-on with email attachments!
« Reply #11 on: March 03, 2015, 10:11:03 PM »

Thanks for letting us know, so my guess was correct.
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33879
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Strange goings-on with email attachments!
« Reply #12 on: March 04, 2015, 12:02:30 PM »

Glad that you found out what it was :)
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker
 

anything