{"id":16550,"date":"2021-09-28T16:48:38","date_gmt":"2021-09-28T15:48:38","guid":{"rendered":"https:\/\/ekiwi-blog.de\/?p=16550"},"modified":"2023-02-25T20:13:01","modified_gmt":"2023-02-25T19:13:01","slug":"scam-mail-find-attachment-po-with-rar-file","status":"publish","type":"post","link":"https:\/\/ekiwi-blog.de\/en\/16550\/scam-mail-find-attachment-po-with-rar-file\/","title":{"rendered":"Scam mail: find attachment PO with RAR file"},"content":{"rendered":"<p>Another scam mail, claiming to be a PO (purchase order) from some company.<\/p>\n<p><!--more--><\/p>\n<p>You should always be careful when receiving an email from an unknown origin. Especially when there is an attachment in the email, you should pay attention.<\/p>\n<p>The newest member in our series of scams is a fake purchase order mail. The goal is clear: make the user curious about the content so that they will hopefully open the attachment and run it.<\/p>\n<p>In our case, we have a RAR file in the email. I am not sure why they use the RAR format and not the ZIP format, because you would need additional software like WinRar or 7zip to extract the file.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-16551\" src=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2021\/09\/po_scam_1.png\" alt=\"\" width=\"679\" height=\"838\" srcset=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2021\/09\/po_scam_1.png 679w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2021\/09\/po_scam_1-243x300.png 243w\" sizes=\"auto, (max-width: 679px) 100vw, 679px\" \/><\/p>\n<p>In general, it is best to just delete the mail. But we want a closer look and start the Linux virtual machine. We open the RAR file and find an .exe file in the archive, which means it is a Windows executable file. 
When you run the file on your Windows system, it will get infected with malware.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-16553\" src=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2021\/09\/po_scam_2.png\" alt=\"\" width=\"661\" height=\"451\" srcset=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2021\/09\/po_scam_2.png 661w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2021\/09\/po_scam_2-300x205.png 300w\" sizes=\"auto, (max-width: 661px) 100vw, 661px\" \/><\/p>\n<p>The check with VirusTotal.com confirms the suspicion. But as you can see, only 15 out of 57 antivirus tools currently detect the malware.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-16555\" src=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2021\/09\/po_scam_3.png\" alt=\"\" width=\"615\" height=\"543\" srcset=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2021\/09\/po_scam_3.png 615w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2021\/09\/po_scam_3-300x265.png 300w\" sizes=\"auto, (max-width: 615px) 100vw, 615px\" \/><\/p>\n<p>So the general advice, as always: be careful with <a title=\"insert file to outlook email with VBA\" href=\"https:\/\/ekiwi-blog.de\/en\/49256\/vba-macro-automatically-add-a-file-attachment-to-an-e-mail-message\/\">file attachments<\/a> you get via email. 
Always double-check the content, for example with online services like VirusTotal.com, since your locally installed antivirus solution might not detect the malware.<\/p>","protected":false},"excerpt":{"rendered":"<p>Another scam mail, claiming to be a PO (purchase order) from some company.<\/p>\n","protected":false},"author":1,"featured_media":16557,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1552],"tags":[1601,1590],"class_list":["post-16550","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-internet-en","tag-malware-en","tag-scam"],"_links":{"self":[{"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/posts\/16550","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/comments?post=16550"}],"version-history":[{"count":0,"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/posts\/16550\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/media\/16557"}],"wp:attachment":[{"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/media?parent=16550"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/categories?post=16550"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/tags?post=16550"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}