Computer Security Threats

Posted by: Bob Bayn on Mar 13, 2015

Watch Out for .ZIPs!

Don't Open Those Unexpected or Threatening Zip Attachments

Unexpected email about "notice to appear", "driving on toll road", "photo radar violation" and all sorts of Order/Payment/Billing/Delivery/Invoice problems may contain a ZIP file with malicious code in executable or javascript content.  The message subject may include your first name and what looks like a unique number.  Here's a recent example:

From: "State Court" <gerald.bxxx@xxxxx.com>
Subject: YOURNAME, Notice to appear in Court #0000332305
Attachment: Court_Notification_0003826.zip

This is to inform you to appear in the Court on the March 19 for your case hearing.
You are kindly asked to prepare and bring the documents relating to the case to Court on the specified date.
Note: The case will be heard by the judge in your absence if you do not come.

You can find the Court Notice is in the attachment.

Regards,
Gerald Bxxx,
District Clerk.

Other subject lines (sometimes with a name at the beginning) include:

  • We could not deliver your parcel, #00166435
  • Payment for driving on toll road, invoice #000488071
  • Shipment delivery problem #00000522245
  • Voicemail Message (07813245947) From:07813245947 
  • Bill of lading - Shipping documents
  • Courier was unable to deliver the parcel, ID0000523709
  • Outstanding Payment for PO_#45
  • DHL ONLINE SHIPPING PREALERT ADVISORY
  • FedEx SHIPPING DOCUMENT
  • Photo Radar Violation

In some cases, the USU email filter may detect the mischief and replace the .zip (or executable or javascript) file with a little text file named ATT00001.c which simply contains a text message notifying you that the original attachment was blocked.  If the zip or executable file is actually delivered, you can forward the message to phish@usu.edu for manual evaluation or you can download (without opening) the attachment and submit it to VirusTotal.com for evaluation by dozens of different AntiVirus engines.  At least a few of them will probably identify the mischief in the attachment file.  Be sure you delete the file you downloaded so you don't accidentally open it later!

Thanks for being an Internet Skeptic!