[Dixonary] OT: Weird Attachment


Guerri Stevens
January 14th, 2014, 09:19 AM
Don't spend a lot of time on this - I'm posting it in case anyone has
immediate ideas.

I am using Thunderbird for my Email, version 17.0.2.

I got several messages from a friend which were, based on the Subjects,
slide show albums. The subjects started with FW which led me to believe
that they were forwarded messages, and the sender had forwarded them to
me and several other people.

I looked at only one of them. The way the message appeared to me in
Tbird was an empty message text area and an attachment, shown as a paper
clip and "1 attachment" at the bottom of the screen. Normally a
forwarded message would, I believe, include the text of the message
being forwarded, or at least a note from the forwarder saying something
about why the message is being forwarded.

At any rate, I assumed from the Subject that the attachment was the
slide show file, with an extension of pps, which I believe is Microsoft
Presentations, which I don't have. I do have OpenOffice, however, so I
thought I could open the file in it.

This is where weirdness begins. At the bottom of the message pane is the
attachment, as I mentioned. Off to the right is a button labelled "Save"
and a smaller button with a downward pointing triangle opening into a
list with Open, Save As, Detach, and Delete.

If I choose Save, Tbird doesn't suggest a file name or a file type,
which I thought was odd.

If I try to Open the file, Tbird says I've chosen to open "inbox" which
is a "message/partial (2.9MB)" which I thought was very odd indeed.
Then I have the option to browse for something which will open the file.
I forget exactly what I did at that point, but somewhere along the way I
got what looked like a message but with all the detailed formatting
stuff in it. I didn't spend a lot of time, but didn't see anything
embedded that was a file name and extension.

I tried Save As and gave the attachment a .pps extension. That may be
where I saw the Email-ish stuff, opening the thing in OpenOffice.

I am not sure what happened, but I am guessing that my friend forwarded
the original message, in its entirety, as an attachment. I don't know
whether that process would properly preserve the "real" attachment that
was, presumably, part of the original message, or not.


--
Guerri

--
You received this message because you are subscribed to the Google Groups "Dixonary" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dixonary+unsubscribe (AT) googlegroups (DOT) com.
For more options, visit https://groups.google.com/groups/opt_out.

Judy Madnick
January 14th, 2014, 11:00 AM
Guerri,

When I receive an email like that -- a blank message especially, very little text, or no explanation -- even if it's from someone I know, I don't attempt to open the attachment...but I will send a message to the person who sent it to be sure it's a legitimate email.

Judy


Guerri Stevens
January 15th, 2014, 04:19 AM
It was a legitimate Email. But thank you, because it didn't even cross
my mind that it could be an instance of someone having hacked the
sender's Email account and then sent messages to everyone in her address
book!

Guerri
On 1/14/2014 12:00 PM, Judy Madnick wrote:
> Guerri,
> When I receive an email like that -- a blank message especially, very
> little text, or no explanation -- even if it's from someone I know, I
> don't attempt to open the attachment...but I will send a message to
> the person who sent it to be sure it's a legitimate email.
> Judy


davidh
January 15th, 2014, 12:18 PM
In general, I'm guessing that opening attachments would be a good way to expose oneself to exploits of vulnerabilities in widely used applications, such as Adobe Acrobat Reader, MS Office, Open Office, etc.

That is probably a good reason to keep as many of your programs patched and up to date as possible.

I use Secunia PSI and Qualys browsercheck to do such checking.

If you can extract / save the attachment out of the email, you may then check the attached file at VirusTotal. That's a more or less safe way to go.

FWIW, I think there is even a Firefox extension that will automate the VirusTotal checking process. Of course you'd have to be using a web mail (browser) interface (to download the attachment) for that to be a relevant choice in checking email attachments.
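
The "message/partial" type reported in the first post and the forward-as-attachment case guessed at there (carried as message/rfc822) can be told apart from the MIME headers of the saved message; the sketch below does that and computes a SHA-256 for any enclosed file, so it can be searched on VirusTotal as suggested in the post above without opening it. This is an added example, not part of the thread; the name `triage`, the addresses and the sample bytes are constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample data: not a real slide show, not from the thread.
PPS_BYTES = b"\xd0\xcf\x11\xe0 constructed stand-in for show.pps"
FRAGMENT = (  # piece 1 of 3 of a message split up by the sending software
    b"Subject: FW: slide show\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: message/partial; id="constructed-1@example.com";'
    b" number=1; total=3\r\n\r\n"
    b"Subject: FW: slide show\r\nContent-Type: application/vnd.ms-powerpoint\r\n"
    b"Content-Transfer-Encoding: base64\r\n\r\n0M8R4KGxGuEA\r\n")

def build_forwarded_sample() -> bytes:
    """A whole message (with its own attachment) forwarded as an attachment."""
    inner = EmailMessage()
    inner["Subject"] = "slide show"
    inner.set_content("original text\n")
    inner.add_attachment(PPS_BYTES, maintype="application",
                         subtype="vnd.ms-powerpoint", filename="show.pps")
    outer = EmailMessage()
    outer["Subject"] = "FW: slide show"
    outer.set_content("fwd\n")
    outer.add_attachment(inner)  # becomes a message/rfc822 part
    return outer.as_bytes()

def triage(raw: bytes) -> dict:
    """Describe a saved message's MIME structure without opening anything."""
    msg = message_from_bytes(raw, policy=policy.default)
    if msg.get_content_type() == "message/partial":
        # RFC 2046 5.2.2: the payload is unusable until every piece with the
        # same id is rejoined in order, so report the piece and stop here.
        return {"kind": "fragment", "id": msg.get_param("id"),
                "number": int(msg.get_param("number", 0)),
                "total": int(msg.get_param("total", 0)), "files": []}
    kind, files = "ordinary", []
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            kind = "forwarded-as-attachment"  # original enclosed intact
        if (name := part.get_filename()) and not part.is_multipart():
            data = part.get_payload(decode=True) or b""
            # The digest can be searched on VirusTotal; the file stays unopened.
            files.append((name, part.get_content_type(),
                          hashlib.sha256(data).hexdigest()))
    return {"kind": kind, "files": files}

if __name__ == "__main__":
    print(triage(FRAGMENT))
    print(triage(build_forwarded_sample()))
```

A fragment carries no usable file on its own, which is why the function returns no digest for it; every piece sharing the same `id` has to be rejoined first.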

Guerri Stevens
January 16th, 2014, 04:59 AM
Thanks, David. The Email is from a trusted source. Having said that, I
suppose that nothing can be trusted these days, as the trusted source,
acting in good faith, may have unknowingly acquired some sort of malware.

Guerri
On 1/15/2014 1:18 PM, davidh wrote:
> In general, I'm guessing that opening attachments would be a good way to
> expose oneself to exploits of vulnerabilities in widely used
> applications, such as Adobe Acrobat Reader, MS Office, Open Office,
> etc.
>
> That is probably a good reason to keep as many of your programs patched
> and up to date as possible.
>
> I use Secunia PSI and Qualys browsercheck to do such checking.
>
> If you can extract / save the attachment out of the email, you may then
> check the attached file at VirusTotal. That's a more or less safe way to
> go.
>
> FWIW, I think there is even a Firefox extension that will automate the
> VirusTotal checking process. Of course you'd have to be using a web
> mail (browser) interface (to download the attachment) for that to be a
> relevant choice in checking email attachments.
>
>


Judy Madnick
January 16th, 2014, 08:54 AM
Guerri, I have received bogus emails from some of my best friends because their accounts were hacked. There is no such thing as a "trusted source." I have found that the most common result of a hacked account is the sending of a link or an attachment with no message or with a message that doesn't ring true.

Judy



Original message
From: "Guerri Stevens" <guerri (AT) guerristevens (DOT) com>
To: dixonary (AT) googlegroups (DOT) com;
Dated: 1/16/2014 5:59:34 AM
Subject: Re: [Dixonary] OT: Weird Attachment

Thanks, David. The Email is from a trusted source. Having said that, I
suppose that nothing can be trusted these days, as the trusted source,
acting in good faith, may have unknowingly acquired some sort of malware.


Guerri Stevens
January 17th, 2014, 06:45 AM
I have had back and forth conversations with this particular sender, and
she really did send the message. I have not heard from her on my theory
that she forwarded the original message as an attachment rather than
inline. I haven't played with doing that to find out how such a
forwarding would look.

Guerri

On 1/16/2014 9:54 AM, Judy Madnick wrote:
> Guerri, I have received bogus emails from some of my best friends
> because their accounts were hacked. There is no such thing as a
> "trusted source." I have found that the most common result of a hacked
> account is the sending of a link or an attachment with no message or
> with a message that doesn't ring true.
> Judy
>


Judy Madnick
January 17th, 2014, 07:57 AM
Once I've determined that the email and attachment are really from the person who apparently sent it, I will try to open it. There have been times when I've had a similar problem as yours.

Judy



Original message
From: "Guerri Stevens" <guerri (AT) guerristevens (DOT) com>
To: dixonary (AT) googlegroups (DOT) com;
Dated: 1/17/2014 7:45:15 AM
Subject: Re: [Dixonary] OT: Weird Attachment

I have had back and forth conversations with this particular sender, and
she really did send the message. I have not heard from her on my theory
that she forwarded the original message as an attachment rather than
inline. I haven't played with doing that to find out how such a
forwarding would look.


davidh
January 17th, 2014, 01:42 PM
Speaking about "trusting", not even the most reliable "sources" can be fully trusted.

For example, at least a couple times I have had Microsoft Windows Update break things on my PC, one 'optional' update came within a hair's breadth of me having to reinstall Windows.

Even using VirusTotal to check attachments is vulnerable to so called zero-day exploits (new attacks for which signatures or heuristic detection has not yet been developed).

I follow two RSS news feeds from the Internet Storm Center isc.sans.edu almost every day. I don't understand much of the technical stuff they talk about anymore, but I do understand enough of it to get a "heads up" on some problems that affect my PC.

David H.


Dave Cunningham
January 18th, 2014, 07:58 AM
IOW I am not the only person who keeps needing to go back to before the
"update"?

Dave


On Friday, January 17, 2014 2:42:38 PM UTC-5, davidh wrote:

>
> Speaking about "trusting", not even the most reliable "sources" can be
> fully trusted.
>
> For example, at least a couple times I have had Microsoft Windows Update
> break things on my PC, one 'optional' update came within a hair's
> breadth of me having to reinstall Windows.
>
> Even using VirusTotal to check attachments is vulnerable to so called
> zero-day exploits (new attacks for which signatures or heuristic
> detection has not yet been developed).
>
> I follow two RSS news feeds from the Internet Storm Center isc.sans.edu
> almost every day. I don't understand much of the technical stuff they
> talk about anymore, but I do understand enough of it to get a "heads up"
> on some problems that affect my PC.
>
> David H.
>
> Guerri Stevens;78895 Wrote:
> > Thanks, David. The Email is from a trusted source. Having said that, I
> > suppose that nothing can be trusted these days, as the trusted source,
> > acting in good faith, may have unknowingly acquired some sort of
> > malware.
> >
> > Guerri
> > On 1/15/2014 1:18 PM, davidh wrote:
> > > In general, I'm guessing that opening attachments would be a good way to
> > > expose oneself to exploits of vulnerabilities in widely used
> > > applications, such as Adobe Acrobat Reader, MS Office, Open Office,
> > > etc.
> > >
> > > That is probably a good reason to keep as many of your programs patched
> > > and up to date as possible.
> > >
> > > I use Secunia PSI and Qualys browsercheck to do such checking.
> > >
> > > If you can extract / save the attachment out of the email, you may then
> > > check the attached file at VirusTotal. That's a more or less safe way to
> > > go.
> > >
> > > FWIW, I think there is even a Firefox extension that will automate the
> > > VirusTotal checking process. Of course you'd have to be using a web
> > > mail (browser) interface (to download the attachment) for that to be a
> > > relevant choice in checking email attachments.
> > >
> > >
> >
>
>
> --
> davidh
>
> DH
>
