>So the question remains, can we get AFC modified to reject
>encrypted/password protected Office documents - or RTF office files -
>altogether? The reasoning is the same as rejecting encrypted zip files.
1. you'll need a sponsor
2. even if regular office documents are encrypted - assp/afc will detect
macros in there
so - it is still safe to let pass encrypted office documents without macros
3. I'm unable to create RTF files with macros (tried office 2003, XP,
2013) - macros are removed
4. I'm unable to password protect RTF files (tried office 2003, XP, 2013)
- password is removed
3. and 4. may be possible using other software. It would be nice to have
such RTF files.
Thomas
From: K Post <nntp.p...@gmail.com>
To: ASSP development mailing list <assp-test@lists.sourceforge.net>
Date: 19.10.2016 02:20
Subject: Re: [Assp-test] Password Protected "RTF" Files Slipping Through
Thanks Bob for this research. We should be safe, even if a user opened it
here, but yeah, it's possible that we wouldn't be....
So the question remains, can we get AFC modified to reject
encrypted/password protected Office documents - or RTF office files -
altogether? The reasoning is the same as rejecting encrypted zip files.
On Tue, Oct 18, 2016 at 3:24 PM, Robert K Coffman Jr. -Info From Data Corp. <bcoff...@infofromdata.com> wrote:
> Ok, thanks to Doug and Ken for sending me a sample.
>
> This thing simply installs a Trojan (MBAM calls it "Trojan.Agent.VBS")
> and then connects to server(s) to download additional Malware, if the
> user opens it, enters the password (and has a version of Word that
> recognizes it) and then enables macros. I'd like to think that series
> of events is unlikely, but I know better.
>
> Some IPs I saw this system connected to on my firewall. Some of these
> may be legit and not malware related (this is a re-imaged system and
> Office was trying to activate.)
>
>
> I haven't seen this thing hitting my mail server yet.
>
>
> - Bob
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>