"Here You Have" ...

... a user IQ test

If you've not been unlucky enough to run into it and/or see the news of the last 24 - 48 hours, there's a nasty little e-mail worm making the rounds, normally with a subject line of "Here You Have" or something similar.  Attached therein is a .scr file and/or .pdf attachment that includes some nasty payload objects that will load your system up with a keylogger and other unwanted items.

I bring up the issue because as the issue ignited it reared its ugly head at my place of work as more than a few people in my area fell victim to this latest example of social engineering.  Apparently all of them forgot a few basics about having and using an e-mail account:

First, is the e-mail from someone I know?

Second, was I expecting communication from this individual?

Third, NEVER RUN FILES THAT SOMEONE ELSE SENDS YOU VIA E-MAIL, NO MATTER HOW WELL YOU KNOW THEM.  If you really trust the individual and have communicated through other means such that you know they sent you something, then you might chance it, but you are still far better off to go find whatever it is for yourself -- from a reliable source -- and then run a copy that you obtained through proper channels.

Thank the powers that be that most of our users (at my job) are locked down such that they can't install software on their systems.  They can try, but they don't have the rights necessary to do it.  In the past I used to complain about that a bit as most of the users in my area are smart enough and reliable enough to be trusted with such rights, until, well, until they prove otherwise, which some of their brethren did yesterday.

So, as PCWorld (among others) noted, if you are too much a goofball not to fall for such things, you've proven your own incompetence in dealing with social engineering attacks and flunked one of the simplest IQ tests.  Congratulations, we'll be by later to confiscate your computer and help you pack up your office if need be ;)

Reply #1

Before now, PDFs were not a problem (like JPGs and GIFs).  And this one is not either! (I got one).  But the PDF is password protected and gives you an "option" of reading it in HTML if you "forgot" the password.  That is what gets you - when you click on the link for the HTML (trojan horse) version.

I still do not think you can get infected with just a PDF, but they do contain hyperlinks that can get you if you follow them.

Reply #2

> I still do not think you can get infected with just a PDF, but they do contain hyperlinks that can get you if you follow them.

Careful with that thought.  Adobe has had more than a few "zero day" exploits with their Adobe Reader that can do some pretty bad damage to systems.  Most involved running Java scripts and such, but still, just receiving a malformed .pdf file can be enough to do serious damage to your system.

I still say there's a special hell reserved for the people that come up with this stuff, or so I hope, but I also blame sloppy programmers at Adobe, Microsoft and similar places for not being more thorough in testing their code and making it more bulletproof.
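Both points raised in the replies above (links inside a PDF, and active content such as scripts) can be checked before a file is opened. The following is an added example, not code from this thread: a small static triage that counts the PDF name objects associated with active content and lists link targets. The function name `triage_pdf`, the name list and the sample bytes are constructed for illustration.

```python
import re

# PDF name objects that mark active or outbound content.
RISKY_NAMES = {
    "/JS": "JavaScript code",
    "/JavaScript": "JavaScript action",
    "/OpenAction": "action run when the document opens",
    "/AA": "additional (event-triggered) actions",
    "/Launch": "launches an external program or file",
    "/URI": "hyperlink to an external address",
    "/EmbeddedFile": "embedded file attachment",
}

# A name is "/" followed by any run of non-delimiter, non-whitespace bytes.
_NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")

def _decode_name(raw: bytes) -> str:
    """Undo #xx escapes, e.g. /J#61vaScript -> /JavaScript."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def triage_pdf(data: bytes) -> dict:
    """Count risky name objects and collect link targets in raw PDF bytes."""
    if not data.lstrip().startswith(b"%PDF-"):
        raise ValueError("not a PDF (missing %PDF- header)")
    counts = {}
    for m in _NAME.finditer(data):
        name = _decode_name(m.group(0))
        if name in RISKY_NAMES:
            counts[name] = counts.get(name, 0) + 1
    # Link targets written as literal strings: /URI (http://...)
    links = [u.decode("latin-1") for u in re.findall(rb"/URI\s*\(([^)]*)\)", data)]
    # /Encrypt in the trailer means the file is password protected or encrypted.
    return {"names": counts, "links": links, "encrypted": b"/Encrypt" in data}

# Constructed sample: an open action, a script action with an escaped name,
# one hyperlink, and an encryption entry in the trailer.
SAMPLE = (b"%PDF-1.4\n"
          b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
          b"2 0 obj << /S /J#61vaScript /JS (constructed sample) >> endobj\n"
          b"3 0 obj << /S /URI /URI (http://example.invalid/doc.html) >> endobj\n"
          b"trailer << /Root 1 0 R /Encrypt 4 0 R >>\n")

if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
```

This only sees names stored in the clear; objects inside compressed or encrypted streams need to be decoded first, so a clean result is not proof that a file is safe.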

Reply #3

> Most involved running Java scripts and such, but still, just receiving a malformed .pdf file can be enough to do serious damage to your system.

Damn!  Will have to put them on the banned list for friends and relatives too.  Thanks for the tip.

> I still say there's a special hell reserved for the people that come up with this stuff, or so I hope,

I hope so too!