
SANS ISC: If it's Free, YOU are the Product - SANS Internet Storm Center SANS ISC InfoSec Forums


If it's Free, YOU are the Product

This is a commonly used phrase, usually when describing free products on the internet (often social media sites).

When my wife asked me to convert a PDF to a DOCX file, I thought I'd test this proverb in a slightly different way.  I googled "convert PDF DOC", and tried the first group of "free" online converters.

Of the ones that are actually free, I took the resultant DOC file and pulled it apart, first just by unzipping it, then in much more detail using some of the tools on Lenny Zeltser's cheat sheet page on analyzing malicious documents: https://zeltser.com/analyzing-malicious-documents/.  At this point I think you know where I'm going.

Yes, 3 of the first 5 on the list converted to doc files that contained <gasp> malware - Angler variants all of them.  So an "older" kit, but an exploit all the same. 

So I guess it's true, you are the product! 

Oh, and my wife's request?  I just opened the PDF in Word 2013 and did a "save as".  Some of the graphics were lost, but everything she needed came through just fine!

===============
Rob VandenBrink
Compugen

Rob VandenBrink

458 Posts
ISC Handler
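The unzip-and-inspect first pass described in the diary can be scripted. The sketch below is an added example, not the author's code and not a tool from the linked cheat sheet; the indicator list (macro project, embedded objects, ActiveX parts, external relationships), the function names and the sample document built by `build_sample` are assumptions chosen for illustration, not what the diary's samples contained.

```python
import io
import re
import zipfile

# Part names worth a closer look inside an OOXML (.docx) container.
RISKY_PARTS = {
    "vba_macro": re.compile(r"vbaProject\.bin$", re.I),
    "embedded_object": re.compile(r"/embeddings/", re.I),
    "activex": re.compile(r"/activeX/", re.I),
}
# Relationships pointing outside the package; assumes Target precedes TargetMode.
EXTERNAL_REL = re.compile(
    r'<Relationship\b[^>]*\bTarget="([^"]+)"[^>]*\bTargetMode="External"', re.I)


def triage_docx(data: bytes) -> dict:
    """Return {indicator: [evidence]}; a legacy OLE2 .doc is reported as not_ooxml."""
    findings = {}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return {"not_ooxml": ["file is not a ZIP container"]}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            for label, pattern in RISKY_PARTS.items():
                if pattern.search(name):
                    findings.setdefault(label, []).append(name)
            if name.endswith(".rels"):
                xml = zf.read(name).decode("utf-8", "replace")
                for target in EXTERNAL_REL.findall(xml):
                    findings.setdefault("external_rel", []).append(f"{name} -> {target}")
    return findings


def build_sample(suspicious: bool) -> bytes:
    """Constructed test input: a minimal ZIP laid out like a .docx."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        rels = '<Relationships><Relationship Id="rId1" Target="styles.xml"/>'
        if suspicious:
            zf.writestr("word/vbaProject.bin", b"\x00constructed placeholder")
            rels += ('<Relationship Id="rId2" Target="http://example.invalid/t.dotm" '
                     'TargetMode="External"/>')
        zf.writestr("word/_rels/document.xml.rels", rels + "</Relationships>")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_docx(build_sample(True)))
```

A hit is a reason to look closer with dedicated document-analysis tools, not a verdict, and an empty result does not mean the file is clean.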
OpenOffice Writer does im- and export of PDFs rather nicely.
(but even there you're now running the danger of trojaned fake download sites -.- )
Visi

40 Posts
Should it be "If it is free, you are the victim"?
Anonymous

Maybe the search algorithm needs a security element. What you are saying is that I can download free tools to investigate malicious behaviour of free tools. It comes down to a trust issue.
Anonymous

doc2pdf or pdf2doc is some of the most common malware I see, and has been so for quite a while. I tell my users over and over again about converting docs in Office, but there are always some...
John

88 Posts
This is very, very helpful. Has anyone done any additional research on other "free" sites? Working in IT today the pressure is always why is IT so expensive. I can do X for free on this or that website. This seems to be something ISC can track and help us train users in understanding that "free" means you are the product. This will be a cultural change that needs some good data. Free is pretty attractive.
Anonymous

