Discussion:
[Mimedefang] arj file extension
Joseph Brennan
2017-08-09 13:39:54 UTC
New one to me-- a phish came in with a .arj attachment. Pretty old
format. We're going to block it, since I doubt anyone uses it this
side of the 90s.
--
Joseph Brennan
Lead, Email and Systems Applications

_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list ***@lists.roaringpenguin.com
http://
Kris Deugau
2017-08-09 15:36:33 UTC
Post by Joseph Brennan
> New one to me-- a phish came in with a .arj attachment. Pretty old
> format. We're going to block it, since I doubt anyone uses it this
> side of the 90s.

If you've still got the spample, check the content of that file. It's
probably a RAR archive.

I've seen RAR files with all kinds of mismatched extensions.

-kgd
Joseph Brennan
2017-08-09 17:16:05 UTC
Post by Kris Deugau
> Post by Joseph Brennan
>> New one to me-- a phish came in with a .arj attachment. Pretty old
>> format. We're going to block it, since I doubt anyone uses it this
>> side of the 90s.
> If you've still got the spample, check the content of that file. It's
> probably a RAR archive.

Ha ha. It turns out to be a typo by the sender!

This one was "Remittance_382922_pdf.arj". Someone else this morning
got "Remittance_382922_PDF.jar" inside "Remittance_382922_pdf.zip",
which has to be the same spam.

I base64-decoded the spample attachment, but neither unzip nor jar tf
can open it, so I wonder what else the spammer did wrong. I'm done
with this one. Next!
--
Joseph Brennan
Lead, Email and Systems Applications

Kevin A. McGrail
2017-08-09 15:04:00 UTC
Post by Joseph Brennan
> New one to me-- a phish came in with a .arj attachment. Pretty old
> format. We're going to block it, since I doubt anyone uses it this
> side of the 90s.

Holy time-machine, Batman. Perhaps they are trying to infect some
legacy system and it's a targeted attack?

Does 7-zip or something handle it and it has some obscure auto-execution
concept?

Wow!
KAM
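
The check Kris Deugau suggests in this thread (look at the file's content instead of trusting its extension), as an added example that is not part of the original messages and is not MIMEDefang code. The function names `sniff` and `check_attachment` and the sample bodies are assumptions constructed for illustration; only the filename comes from the thread.

```python
import base64
import os

# Leading magic bytes of the archive formats mentioned in the thread.
MAGIC = [
    (b"Rar!\x1a\x07", "rar"),       # RAR 4.x and 5.x share this prefix
    (b"PK\x03\x04", "zip"),         # ZIP local file header (a .jar is a ZIP)
    (b"PK\x05\x06", "zip"),         # empty ZIP: end-of-central-directory only
    (b"7z\xbc\xaf\x27\x1c", "7z"),
    (b"\x60\xea", "arj"),           # ARJ header id; only 2 bytes, so a weak signal
]

# Container format each extension claims to be.
CLAIMS = {".zip": "zip", ".jar": "zip", ".rar": "rar", ".arj": "arj", ".7z": "7z"}


def sniff(data: bytes):
    """Return the archive type indicated by the leading bytes, or None."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return None


def check_attachment(filename: str, b64_body: str):
    """Compare what the extension claims with what the decoded content is.

    Returns (claimed, actual, verdict); verdict is 'match', 'mismatch'
    or 'unrecognized'.
    """
    data = base64.b64decode(b64_body)
    claimed = CLAIMS.get(os.path.splitext(filename)[1].lower())
    actual = sniff(data)
    if actual is None:
        verdict = "unrecognized"    # no known archive header; hold for manual review
    elif actual == claimed:
        verdict = "match"
    else:
        verdict = "mismatch"        # extension and content disagree
    return claimed, actual, verdict


# Constructed sample bodies (header bytes plus padding, not real attachments).
SAMPLES = {
    "rar_header": base64.b64encode(b"Rar!\x1a\x07\x00" + b"\x00" * 16).decode(),
    "zip_header": base64.b64encode(b"PK\x03\x04" + b"\x00" * 26).decode(),
    "junk": base64.b64encode(b"\x00\x01not an archive").decode(),
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, check_attachment("Remittance_382922_pdf.arj", body))
```

A `mismatch` or `unrecognized` verdict is a reason to quarantine regardless of whether the extension itself is on a block list.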