BKA Wiesbaden - Abteilung Cybercrime (Not sure if this is a phishing E-mail or real...)

Glen A. Pearce nanog at ve4.ca
Thu Apr 27 01:53:13 UTC 2023


On 24/04/2023 10:24 a.m., Niels Bakker wrote:
> * nanog at ve4.ca (Glen A. Pearce) [Mon 24 Apr 2023, 17:42 CEST]:
>> Well, I eventually had a friend open the attachment on his Linux machine
>
> Not necessarily a safe idea:
> https://www.welivesecurity.com/2023/04/20/linux-malware-strengthens-links-lazarus-3cx-supply-chain-attack/
> (scroll down to "Operation DreamJob with a Linux payload", sadly no 
> anchors)
>
>
>     -- Niels.

Thanks for the heads up on that.  My situation (in this one case) was a little different from the example in the article you sent as I had already verified it was a text file (and not another type masquerading as a text file with funny characters).  I was just concerned because I was wondering if someone had found a way to compromise Windows Notepad (or at least some versions of it because Microsoft likes to keep changing things).  I still kinda wonder now if there is some vulnerability in Microsoft Notepad somewhere because of a "feature" someone decided to add along the way that nobody needed and almost nobody knew about....

The link you included might still save someone a lot of headaches one day.

I checked with my friend, what he did was use Linux on a virtual machine with a static hard drive then started "Nano" at the command line and used that to open the file I sent him.  He's a lot more expert than me so I tend to trust that he knows what he's doing even if he doesn't fill me in on all the details.  I guess in this case he figured he didn't need to fill me in on them until I asked.  Though I did pass on the article you sent in case it's relevant to something he encounters in the future.

-- 
Glen A. Pearce
gap at ve4.ca
Network Manager, Webmaster, Bookkeeper, Fashion Model and Shipping Clerk.
Very Eager 4 Tees
http://www.ve4.ca
ARIN Handle VET-17
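As an added example that is not part of the thread, here is one way to do the "is it really a text file" check Glen describes before handing an attachment to any viewer: it flags executable or container magic bytes, NUL and control bytes, invalid UTF-8, and invisible or bidirectional-override Unicode characters (the "funny characters" that let a filename or line read differently than it is stored). The sample input at the bottom is constructed.

```python
import unicodedata

# Leading byte signatures of common non-text files that are sometimes given a .txt name.
MAGIC = {
    b"MZ": "PE executable",
    b"\x7fELF": "ELF executable",
    b"PK\x03\x04": "ZIP / Office container",
    b"%PDF": "PDF document",
    b"{\\rtf": "RTF document",
}


def inspect_text_attachment(data: bytes) -> list[str]:
    """Return a list of findings; an empty list means the bytes look like plain text."""
    findings = []
    for sig, name in MAGIC.items():
        if data.startswith(sig):
            findings.append(f"magic bytes: {name}")
    if b"\x00" in data:
        findings.append("NUL byte present (binary content)")
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError as exc:
        findings.append(f"not valid UTF-8 at offset {exc.start}")
        return findings
    # A single leading BOM is common and harmless; anything else in category Cf is reported.
    if text.startswith("\ufeff"):
        text = text[1:]
    for pos, ch in enumerate(text):
        cp = ord(ch)
        if (cp < 0x20 and ch not in "\t\n\r") or 0x7F <= cp <= 0x9F:
            findings.append(f"control character U+{cp:04X} at position {pos}")
        elif unicodedata.category(ch) == "Cf":
            # Format characters: bidi overrides (U+202E etc.), zero-width joiners/spaces, embedded BOMs.
            findings.append(f"invisible/format character {unicodedata.name(ch, '?')} at position {pos}")
    return findings


if __name__ == "__main__":
    # Constructed sample: a note whose visible text hides a right-to-left override.
    sample = "Attached is the invoice report\u202etxt.exe\n".encode("utf-8")
    for finding in inspect_text_attachment(sample):
        print(finding)
```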
