Re: BKA Wiesbaden - Abteilung Cybercrime (Not sure if this is a phishing E-mail or real...)

["Glen A. Pearce" <nanog () ve4 ca>]

On 24/04/2023 10:24 a.m., Niels Bakker wrote:
> * nanog () ve4 ca (Glen A. Pearce) [Mon 24 Apr 2023, 17:42 CEST]:
> > Well, I eventually had a friend open the attachment on his Linux machine
>
> Not necessarily a safe idea:
> https://www.welivesecurity.com/2023/04/20/linux-malware-strengthens-links-lazarus-3cx-supply-chain-attack/
> (scroll down to "Operation DreamJob with a Linux payload", sadly no 
> anchors)
>
>
>     -- Niels.

Thanks for the heads up on that.  My situation (in this one case) was a 
little different
from the example in the article you sent as I had already verified it 
was a text file
(and not another type masquerading as a text file with funny 
characters).  I was just
concerned because I was wondering if someone had found a way to compromise
Windows Notepad (or at least some versions of it because Microsoft likes 
to keep
changing things).  I still kinda wonder now if there is some 
vulnerability in Microsoft
Notepad somewhere because of a "feature" someone decided to add along 
the way
that nobody needed and almost nobody known about....

The link you included might still save someone a lot of headaches one day.

I checked with my friend, what he did was use Linux on a virtual machine 
with a static
hard drive then started "Nano" at the command line and used that to open 
the file I
sent him.  He's a lot more expert than me so I tend to trust that he 
knows what he's
doing even if he doesn't fill me in on all the details.  I guess in this 
case he figured he
didn't need to fill me in on them until I asked.  Though I did pass on 
the article you
sent in case it's relevant to something he encounters in the future.

--
Glen A. Pearce
gap () ve4 ca
Network Manager, Webmaster, Bookkeeper, Fashion Model and Shipping Clerk.
Very Eager 4 Tees
http://www.ve4.ca
ARIN Handle VET-17