
SANS ISC: InfoSec Handlers Diary Blog



If it's Free, YOU are the Product

Published: 2016-09-13
Last Updated: 2016-09-13 00:28:10 UTC
by Rob VandenBrink (Version: 1)
5 comment(s)

This is a commonly used phrase, usually when describing free products on the internet (often social media sites).

When my wife asked me to convert a PDF to a DOCX file, I thought I'd test this proverb in a slightly different way.  I googled "convert PDF DOC", and tried the first group of "free" online converters.

Of the ones that are actually free, I took the resultant DOC file and pulled it apart, first just by unzipping it, then in much more detail using some of the tools on Lenny Zeltser's cheat sheet page on analyzing malicious documents: https://zeltser.com/analyzing-malicious-documents/.  At this point I think you know where I'm going.

Yes, 3 of the first 5 on the list converted to doc files that contained <gasp> malware - Angler variants all of them.  So an "older" kit, but an exploit all the same. 

So I guess it's true, you are the product! 

Oh, and my wife's request?  I just opened the PDF in Word 2013 and did a "save as".  Some of the graphics were lost, but everything she needed came through just fine!

===============
Rob VandenBrink
Compugen
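
The first step the diary describes, unzipping the converted file, as a small triage script. This is an added example, not the author's code or tooling; it assumes the converter produced an OOXML (.docx) container, and the indicator list, function names and the constructed sample are this example's own.

```python
import io
import re
import zipfile

# Part names that deserve a closer look in an OOXML (.docx) container.
# This indicator list is an assumption of this example, not the diary's method.
SUSPECT_PARTS = {
    "macro": re.compile(r"vbaProject\.bin$", re.I),
    "embedded-object": re.compile(r"^word/embeddings/", re.I),
    "activex": re.compile(r"^word/activeX/", re.I),
}
EXTERNAL_REL = re.compile(rb'<Relationship\b[^>]*TargetMode="External"[^>]*>')
TARGET = re.compile(rb'Target="([^"]*)"')


def triage_docx(data: bytes) -> list[tuple[str, str, str]]:
    """Return (kind, part name, detail) findings for one .docx given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            for kind, pattern in SUSPECT_PARTS.items():
                if pattern.search(info.filename):
                    findings.append((kind, info.filename, f"{info.file_size} bytes"))
            # Relationship parts list every resource the document points at;
            # External targets are fetched from outside the file.
            if info.filename.endswith(".rels"):
                for rel in EXTERNAL_REL.finditer(zf.read(info)):
                    m = TARGET.search(rel.group(0))
                    target = m.group(1).decode("utf-8", "replace") if m else "?"
                    findings.append(("external-target", info.filename, target))
    return findings


def build_sample() -> bytes:
    """Constructed sample: a minimal container with inert placeholder parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00" * 16)
        zf.writestr("word/embeddings/oleObject1.bin", b"\x00" * 32)
        zf.writestr(
            "word/_rels/document.xml.rels",
            '<Relationships><Relationship Id="rId1" Type="t" '
            'Target="https://example.invalid/template.dotm" TargetMode="External"/>'
            '<Relationship Id="rId2" Type="t" Target="styles.xml"/></Relationships>',
        )
    return buf.getvalue()


if __name__ == "__main__":
    for kind, part, detail in triage_docx(build_sample()):
        print(f"{kind:16} {part:36} {detail}")
```

A finding here means "look closer", not "malicious"; the tools on the cheat sheet page linked above are what take the analysis further.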
