
Suspicious file attachment in pending messages section #spam


 

I just received a post from a seldom-used group with an attachment that looks suspicious. There is no file description and the message just asked people to look at the attached summary and even the title of the post is a little strange. However, there is a signature on the message from an obscure government agency that seems authentic and is the exact kind of person I am trying to attract to this community, so if it is a virus someone went to some effort to create the message.

Is there a way to check this file? It is sitting unapproved on Groups.io servers and I am afraid to download it and of course, I don't want to approve and send to everybody. Any suggestions?

Rob


 

Rob,


> I just received a post from a seldom-used group with an attachment that looks suspicious.

Do you mean a Message Approval Needed notification?

> There is no file description and the message just asked people to look at the attached summary and even the title of the post is a little strange.

That hits my "don't touch that" buttons. Particularly given the implication that you don't know the sender well and were not expecting a message of that sort.

Is your group set to allow posts from non-subscribers?

> However, there is a signature on the message from an obscure government agency that seems authentic and is the exact kind of person I am trying to attract to this community, so if it is a virus someone went to some effort to create the message.

The bad guys are often very clever. They'll start with a copy of a legit communication (from an agency or company) to make their message look legit.


> Is there a way to check this file? It is sitting unapproved on Groups.io servers and I am afraid to download it and of course, I don't want to approve and send to everybody. Any suggestions?

I would trust your suspicions and delete the pending message without downloading the attachment. I probably wouldn't even bother attempting to contact the sender - anyone sending me an attached file in their first communication with me is probably up to no good.

Shal

--
Help: /static/help
More Help: /g/GroupManagersForum/wiki
Even More Help: Search button at the top of Messages list


 

Yes, it is in the unapproved messages, however it is from an influential but obscure local public agency with the signature of a high-level staff member so I don't want to delete. Is there no way to check? Would it even get on groups.io servers if it had a virus? I thought they also checked.


 

Rob,

> Yes, it is in the unapproved messages, however it is from an
> influential but obscure local public agency with the signature of a
> high-level staff member so I don't want to delete.

Well, if you can wait a few days maybe give that person a phone call to verify that they sent the message, and what is in it. I don't know about your situation, but given the name of an agency and a person it should be possible to get through to them.

Or, since you feel it is likely to be legit, copy their name and email address from the pending message and send them an email thanking them and asking for details. You don't have to tip your hand that you were initially suspicious. After confirmation you can approve the message.

If your group has other moderators you might want to start and then cancel an edit to the message. That will "claim" the message in your name so that they will get a warning message if they try to approve it.

> Is there no way to check?

Again depending on your level of confidence, you might go ahead and download it. Depending on the security settings and software you have it may get checked during download or when you open it.

> Would it even get on groups.io servers if it had a virus? I thought
> they also checked.

They do, and IIRC if a threat were detected the message wouldn't even have made it to your Pending list.

Nevertheless, I tend to be paranoid about out-of-the-blue messages bearing "gifts". With all the new threats out there I'm never entirely sure that my antivirus is up to date enough, even when it says it is.

Shal




 

Thank you - I did, of course, know that I could write and ask, but I was hoping someone knew of a tool where this could be safely downloaded and checked.


 

On 4/20/19 2:44 AM, Rob Gordon wrote:
> I was hoping someone knew of a tool where this could be safely downloaded and checked.

It could be something innocent, like a PGP signature.

Anyway, download it to a Linux box, and extract the file.

Linux, not Windows. Malware operators default to Windows, unless they
know that their target exclusively uses Mac or Linux. For a mailing
list, the assumption is that the users will be on Windows.

There are a couple of AV programs that run on Linux, specifically to
look for malware targeting Windows.
I have no idea what the name of the AV software is, or even if it is any
good.

I've got a sacrificial Linux box with WINE installed, to run suspicious
files on. Most malware for Windows does a crash and burn under WINE, but
usually leaves enough evidence to indicate what it was attempting to do.
I also run tripwire, which tells me what was installed, and where it was
installed.

jonathon
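
One way to look at a downloaded attachment on a Linux box without opening or running it, as an added example that is not part of the original post: it hashes the bytes, identifies the real file type from its leading bytes, and lists (without extracting) what is inside a zip or modern Office file. The function names and the short signature and extension lists are assumptions made for illustration and are not exhaustive; an empty findings list does not show a file is safe.

```python
import hashlib
import io
import zipfile

# Leading bytes ("magic numbers") of formats commonly seen as attachments.
MAGIC = [
    (b"MZ", "windows-executable"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip-container"),  # also .docx/.xlsx/.pptx
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2-legacy-office"),
    (b"-----BEGIN PGP", "pgp-armor"),
]
# Extensions a recipient would expect for each detected type (illustrative).
EXPECTED = {
    "windows-executable": {"exe", "dll", "scr"},
    "pdf": {"pdf"},
    "zip-container": {"zip", "docx", "xlsx", "pptx"},
    "ole2-legacy-office": {"doc", "xls", "ppt", "msi"},
    "pgp-armor": {"asc", "sig", "pgp"},
}
RISKY_MEMBER_EXT = {"exe", "scr", "js", "vbs", "lnk", "bat", "ps1", "hta"}

def ext_of(name):
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def triage(filename, data):
    """Static checks only: the attachment is read as bytes, never opened or run."""
    kind = next((k for magic, k in MAGIC if data.startswith(magic)), "unknown")
    report = {"sha256": hashlib.sha256(data).hexdigest(), "detected": kind, "findings": []}
    if kind != "unknown" and ext_of(filename) not in EXPECTED[kind]:
        report["findings"].append("extension does not match content")
    if kind == "zip-container":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:  # lists names, extracts nothing
                for member in zf.namelist():
                    if member.lower().endswith("vbaproject.bin"):
                        report["findings"].append("Office macro project: " + member)
                    elif ext_of(member) in RISKY_MEMBER_EXT:
                        report["findings"].append("script/executable inside: " + member)
        except zipfile.BadZipFile:
            report["findings"].append("corrupt or truncated zip")
    return report

if __name__ == "__main__":
    # Constructed sample: bytes starting like a Windows executable, named as a PDF.
    print(triage("summary.pdf", b"MZ\x90\x00" + b"\x00" * 60))
```
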


 

An alternative would be to go to a commercial office center with computer work stations available. Such as FedEx Office. Sign on to one of their computers -- thirty cents a minute at FedEx in New York -- and try and open the email. The commercial places have very robust malware detection and AV programs. If the attachment looks hinky when scanned the computer will warn you and won't let you open it.

I agree with some of the others, however, when I occasionally get an email that looks suspicious I delete it on sight. I even go to the Recently Deleted folder and delete it from there. Especially if it arrives in a group pending file, I don't hesitate, it's history.

tommy0421