
RTF malware?


I just received email telling me that BMW has selected me for a big prize and a brand new car, which is all very flattering and all considering that I drive a battered old 1996 Honda. But the cynic in me couldn't help wondering why the notification was in the form of an RTF document attached to the email when the information could just as easily have been inlined into the email body. Running "strings" on the document didn't show anything obviously suspicious (other than the request for all kinds of personal information, of course :-), and it scanned clean at Virustotal. OTOH we know that it's possible to have malicious content embedded in RTFs (e.g., see http://blogs.pcmag.com/securitywatch/2007/05/a_longignored_vulnerability_rt.php).

Short of actually opening the document (and so executing anything malicious it might harbor), is there any way to tell whether there's any executable content hidden in the file?

Thanks,
-solar

Please upload

Could you please upload it here?

uploaded

md5 is 8b6ea8adf170093b8543a3acc5c78016

s.

It's not malware, just a phish attempt

I highly doubt BMW would be having you email personal information to claimsdept_2009@hawamail(dot)com; it appears to be some Arabic-language free email service akin to Hotmail.
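On the original question of checking an RTF attachment without opening it: the sketch below is an added example, not code from anyone in the thread. It reads the file as bytes, lists the RTF control words that introduce embedded or linked objects, and hex-decodes any `\objdata` payload to look for known file signatures. The function names and both sample documents are constructed for illustration.

```python
import re
from binascii import unhexlify

# RTF control words that introduce embedded or linked OLE objects.
OBJECT_WORDS = (b"object", b"objemb", b"objocx", b"objlink",
                b"objupdate", b"objclass", b"objdata")
# Byte signatures worth flagging inside a decoded \objdata payload.
SIGNATURES = {
    "OLE2 compound file": bytes.fromhex("d0cf11e0a1b11ae1"),
    "PE DOS stub": b"This program cannot be run in DOS mode",
}

def decode_objdata(rtf: bytes):
    """Yield the decoded bytes of each \\objdata group (hex text in the file)."""
    for m in re.finditer(rb"\\objdata(?![a-z])([^}]*)", rtf):
        # Heuristic: keep only hex digits, so a-f letters of any nested
        # control word would be misread; acceptable for a first look.
        digits = re.sub(rb"[^0-9A-Fa-f]", b"", m.group(1))
        yield unhexlify(digits[: len(digits) // 2 * 2])  # drop a dangling nibble

def triage_rtf(rtf: bytes) -> dict:
    """Static look at an RTF file; nothing in it is rendered or executed."""
    words = sorted(w.decode() for w in OBJECT_WORDS
                   if re.search(rb"\\" + w + rb"(?![a-z])", rtf))
    hits = {name for blob in decode_objdata(rtf)
            for name, sig in SIGNATURES.items() if sig in blob}
    return {"looks_like_rtf": rtf.lstrip().startswith(b"{\\rtf"),
            "object_words": words,
            "embedded_signatures": sorted(hits)}

# Constructed samples (not the attachment discussed in the thread).
CONSTRUCTED_TEXT_ONLY = b"{\\rtf1\\ansi Congratulations, you have won a car!\\par}"
CONSTRUCTED_WITH_OBJECT = (
    b"{\\rtf1{\\object\\objemb{\\*\\objdata "
    + (b"\x01\x05\x00\x00" + SIGNATURES["OLE2 compound file"]).hex().encode()
    + b"}}}")

if __name__ == "__main__":
    for label, sample in (("text only", CONSTRUCTED_TEXT_ONLY),
                          ("with object", CONSTRUCTED_WITH_OBJECT)):
        print(label, triage_rtf(sample))
```

An empty result only means no object control words were found in plain form; it says nothing about parser bugs triggered by malformed RTF, so it complements a scanner verdict rather than replacing it.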