Peaches
Posted July 21, 2010

CSI:Internet
Episode 3: PDF time bomb

Tom sends me something on 'NTFS internals' – technical details of the Windows file system implementation. How did he know that this had been sitting on my to-do list for ages? Had I mentioned it at lunch? Curious, I open the attached PDF.

Before I even reach the end of the first paragraph, Adobe Reader closes of its own accord. In a bit of a doze, I click on the attachment for a second time and an action replay unfolds – the text appears in Adobe Reader and then the window vanishes all by itself just a few seconds later.

At first sight, the file looked like it really might tell me all about NTFS. This is more than a little strange – suddenly wide awake, I take a closer look at the e-mail. What's with the formal "Regards, T Gibbs" at the end? Tom always signs off with "Cheers, Tom". A look at the full header tells me that this clearly hasn't been sent from one of our internal systems:

Received from 113.112.141.166

it's been sent from somewhere in Asia. Things are becoming clearer. The sender is faked and the PDF file is probably an attempt to infect my computer. But has it been successful?

I could of course just restore the system image I created yesterday. That would take 30 minutes at most and I could then get on with doing the travel expenses that accounts has been nagging me about since last week. OK, that's it, I'm going to analyse the PDF file.

Details plus screenshots - http://www.h-online.com/security/features/CSI-Internet-PDF-timebomb-1038864.html