
Security risk: Spam e-mail from "puremobile.com" confirming order! Virus through pdf?

Discussion in 'Networking & Security' started by scaminatrix, Mar 25, 2011.

  1. scaminatrix

    Hi all. I just got these 2 e-mails in my Gmail account:

    FROM: coneal@serve.com
    TO: fmeg@mailcity.com


    FROM: {LINE[from_name]} <info@live-servers.net>
    TO: {#FIRST_EMAIL}


    If anyone gets this e-mail, don't open the PDF file for security reasons.

    How likely is it that the PDF file is a virus?
     
  2. erocker (Super Moderator, Staff Member)

    Unless I purchased something from a site called "puremobile" I would have no reason to open the email and most definitely not open some attached file. That's virus protection 101.
     
  3. stefan95p New Member

    *
     
    Last edited: Feb 20, 2012
  4. Black Panther (Senior Moderator, Staff Member)

    I got something similar on the work email address. I don't remember the name of the company because it was some months ago. They said I had purchased some shoes costing some €700 and that the amount was debited from my visa. And yup I needed to open some file.

    I was nearly 100% sure it was spam. But to check I went into my internet banking, found that no such debit had been effected from my account, and then deleted the email.

    Absolutely do not open files from such emails. If the info troubles you, check your internet banking or, if that is not available, go to your bank. It's very likely only a scam.
     
  5. brandonwh64 (Addicted to Bacon and StarCrunches!!!)

    No, puremobile exists, or it used to exist, because I bought a Motorola V3I with iTunes *Unlocked* back in 2007 so I could use it on my deployment to Iraq.
     
  6. scaminatrix

    I always check the contents of the e-mail just to see how bad (laughable) it is. Gmail blocks images etc. by default for me, so I don't have to worry too much about opening the e-mail. Of course, the attachment stays unopened.
    Aah, the good old days when I would just get my laptop out and infect myself for the lulz!

    Aah man, since you opened the PDF, I suggest you download Malwarebytes Anti-Malware and run a full scan mate.
    Personally, I would also ditch Norton and use Avast! free version, but that's down to preference.

    Yeah, first thing I did was check my PayPal, since that's the only thing that's registered to the Gmail account (no online banking, etc.).

    The thing I'm wondering the most - is it possible to send a virus through a .pdf file?

    Yeah, it's still about now.
    Here's something interesting:

    http://www.dslreports.com/forum/r25650532-Credit-Card-Fraud-Who-is-Puremobile-

    Seems it's an Adobe exploit.
    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32/Pdfjsc
     
    Last edited: Mar 25, 2011
  7. od8086 New Member

    Hi. I'm working in the field of malware analysis, and at the company it was my duty to process these PDF samples. The files are malformed, and there is a malicious exploit too.

    If anybody is interested, just open the PDF (in a safe environment, VMware for example) in Acrobat Reader, and when it grows to around 250 MB in memory, save the whole dump. Search for the string JAAAA, and there will be many hits. That is one part of the injected shellcode (I don't remember the others; at home I didn't have the infected samples :)), and the technique used is called heap spraying (Wikipedia, or just google it); that's why it grows in memory.

    The essence of this exploitation method is to fill a big array in memory with shellcode, then use some bug to crash specific parts of the running program. In this case, there's a possibility of passing the control flow to the machine-code-filled array, and voilà. :) In this case, I think it works only under certain versions of Acrobat Reader (and the version of the OS is crucial, too). Maybe before v9.2, I think, but I haven't tested yet.

    For many reasons, especially in the case of suspicious PDF files, don't trust just one AV product; use virustotal.com for example, or open it using Google viewer. :)
     
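A static triage pass for the indicators od8086 describes (JavaScript in a malformed PDF that heap-sprays a sled plus shellcode before triggering a reader bug), as an added example that is not the poster's tooling, not the Win32/Pdfjsc sample, and not any vendor's product. It builds a constructed, payload-free PDF whose /OpenAction runs a FlateDecode-compressed script written in the spray idiom (the "shellcode" is just 0x90 NOP bytes; nothing triggers a bug), inflates the stream, resolves PDF name escapes such as /J#61vaScript that hide keywords from grep, and scores the document. The key list, regexes, the /J#61vaScript escaping of the sample and the scoring threshold are this example's own assumptions, not something the thread or any reference states.

```python
"""Static triage of a suspicious PDF for JavaScript and heap-spray indicators.

Added example for this thread, not od8086's tooling or any vendor's product.
The sample PDF is constructed here and is harmless: its "shellcode" is a run of
0x90 NOP bytes and nothing in it triggers a reader bug. The indicator list,
regexes and scoring threshold are this example's own assumptions.
"""
import re
import zlib

# The heap-spray idiom od8086 describes: grow a sled string until it is huge,
# then fill an array with sled+shellcode copies. Constructed, payload-free.
SPRAY_JS = (
    'var sc = unescape("%u9090%u9090%u9090%u9090");'
    'var sled = unescape("%u0c0c%u0c0c");'
    'while (sled.length < 0x100000) sled += sled;'
    'var spray = new Array();'
    'for (var i = 0; i < 256; i++) spray[i] = sled + sc;'
)


def build_sample_pdf(js=SPRAY_JS) -> bytes:
    """Minimal PDF; with js, /OpenAction runs it from a FlateDecode stream.
    /J#61vaScript is PDF name escaping for /JavaScript (assumed here as the
    kind of trick that dodges naive grep). js=None gives a script-free control."""
    catalog = b"<< /Type /Catalog /Pages 2 0 R"
    if js is not None:
        catalog += b" /OpenAction 3 0 R"
    objs = [catalog + b" >>", b"<< /Type /Pages /Kids [] /Count 0 >>"]
    if js is not None:
        body = zlib.compress(js.encode())
        objs.append(b"<< /S /J#61vaScript /JS 4 0 R >>")
        objs.append(b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(body)
                    + body + b"\nendstream")
    out = b"%PDF-1.4\n"
    for num, obj in enumerate(objs, 1):
        out += b"%d 0 obj\n%s\nendobj\n" % (num, obj)
    return out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


_NAME_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")
# Dictionary immediately followed by a stream; the tempered dot keeps the
# dictionary capture from running across an earlier object's ">>".
_STREAM = re.compile(rb"<<((?:(?!>>).)*)>>\s*stream\r?\n(.*?)\r?\nendstream", re.S)
_STREAM_BODY = re.compile(rb"stream\r?\n.*?\r?\nendstream", re.S)


def unescape_names(dict_text: bytes) -> bytes:
    """Resolve #xx escapes in dictionary text (/J#61vaScript -> /JavaScript).
    Never apply to stream bodies: a '#' inside binary data is not an escape."""
    return _NAME_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), dict_text)


def inflate_streams(pdf: bytes) -> bytes:
    """Decompressed bodies of all /FlateDecode streams, newline-joined.
    decompressobj returns what it could for a truncated stream instead of
    failing outright, which matters for the malformed files od8086 mentions."""
    out = []
    for dict_, body in _STREAM.findall(pdf):
        if b"/FlateDecode" in unescape_names(dict_):
            try:
                out.append(zlib.decompressobj().decompress(body))
            except zlib.error:
                continue
    return b"\n".join(out)


STRUCTURE_KEYS = (b"/OpenAction", b"/AA", b"/JavaScript", b"/JS",
                  b"/Launch", b"/EmbeddedFile", b"/RichMedia")
SPRAY_PATTERNS = {
    "unescape_%u": re.compile(rb"unescape\s*\(\s*[\"'](?:%u[0-9a-fA-F]{4}){2,}"),
    "length_growth_loop": re.compile(
        rb"while\s*\(\s*\w+\.length\s*<\s*(?:0x)?[0-9a-fA-F]+\s*\)"),
    "array_fill_loop": re.compile(rb"for\s*\([^)]*\)\s*\w+\s*\[\s*\w+\s*\]\s*="),
    "0c0c_sled": re.compile(rb"%u0c0c", re.I),
}


def triage(pdf: bytes) -> dict:
    """Count structural keys (outside stream bodies) and spray idioms (inside
    inflated scripts). The verdict is a heuristic for deciding what to detonate
    in a VM or send to VirusTotal, not proof of malice."""
    text = unescape_names(_STREAM_BODY.sub(b"", pdf))
    script = inflate_streams(pdf)
    keys = {k.decode(): text.count(k) for k in STRUCTURE_KEYS if k in text}
    spray = {name: len(pat.findall(script))
             for name, pat in SPRAY_PATTERNS.items() if pat.search(script)}
    score = len(keys) + 2 * len(spray)
    return {"keys": keys, "spray": spray, "script_bytes": len(script),
            "verdict": "suspicious" if score >= 3 else "clean"}


if __name__ == "__main__":
    for label, doc in (("spray", build_sample_pdf()), ("control", build_sample_pdf(None))):
        print(label, triage(doc))
```

Run it against a real attachment only inside the isolated VM od8086 recommends, and treat the output as a reason to escalate (VirusTotal, a sandbox, the memory-dump search he describes), not as a clean bill of health: the script only inflates FlateDecode streams and only knows the spray idioms listed above, so obfuscated or differently encoded scripts will score low.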
