
As in the title - I received an email reply to a months-old thread containing a password-protected zip file. I had previously asked them for a particular CAD file, but this was months ago and we had resolved the issue without me ever needing the file.

My internal alarms are going off. The thing is, it was sent as a reply to the conversation that we previously had. The original sender is a legitimate business that I am comfortable dealing with, and I have no other reason for suspicion. However, the message was accompanied with no other explanation, just a message telling me the password was 1234567.

Is it possible his email account is compromised and being used to send malware? Is there a safe way to inspect this file?

schroeder
Bassinator

2 Answers


You are correct to be suspicious. This fits a pattern of recent phishing styles and indicates that the account was compromised.

The easiest course of action is to call/text/IM the sender to confirm (just not email).

schroeder


This file contains malware, and your contact's system was compromised.

But why did the author answer an old email with a password-protected zip file?

The reply is to make you believe your contact has something to add, so it's not an email out of nowhere; it's a reply to a conversation. The zip file is encrypted so automated email scanning will not be able to scan its contents, and if you extract the contents of the zip file and run any of its contents, you will be compromised too.

What should you do? Don't open any of the contents of the zip file and alert your contact about this infection. You could extract the contents on a virtual machine (a Linux virtual machine will be better) and send the files to any online virus scanning service, like VirusTotal, for example.

ThoriumBR
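An added example (not code from either answer) of the hands-off triage the second answer describes: list what a password-protected zip contains, flag executable or double-extension member names, and hash each member in memory so the hashes can be looked up on a service like VirusTotal without extracting or running anything. The sample archive, its file names and the password are constructed here; the standard library reads ZipCrypto archives when given `pwd` but cannot open AES-encrypted ones, which the code reports instead of crashing on.

```python
import hashlib
import io
import zipfile
from typing import Optional

# Member types that should never be opened from an unexpected archive.
RISKY_SUFFIXES = {".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".hta",
                  ".bat", ".cmd", ".ps1", ".lnk", ".iso", ".dll", ".jar"}


def triage_zip(data: bytes, password: Optional[bytes] = None) -> list:
    """Inspect archive members without writing anything to disk.
    Returns one dict per member: name, size, encrypted flag, risk flags, sha256."""
    report = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            lower = info.filename.lower()
            entry = {"name": info.filename, "size": info.file_size,
                     "encrypted": bool(info.flag_bits & 0x1),
                     "flags": [], "sha256": None}
            # "drawing.dwg.exe" style names: more than one dot in the basename.
            if len(lower.rsplit("/", 1)[-1].split(".")) > 2:
                entry["flags"].append("double extension")
            if any(lower.endswith(s) for s in RISKY_SUFFIXES):
                entry["flags"].append("executable/script type")
            if info.is_dir():
                report.append(entry)
                continue
            try:
                # Stream the member through a hash; nothing is extracted or executed.
                with zf.open(info, pwd=password) as fh:
                    h = hashlib.sha256()
                    for chunk in iter(lambda: fh.read(65536), b""):
                        h.update(chunk)
                    entry["sha256"] = h.hexdigest()
            except RuntimeError as exc:          # missing or wrong password
                entry["flags"].append(f"could not decrypt: {exc}")
            except NotImplementedError:          # AES-encrypted member, stdlib can't read it
                entry["flags"].append("unsupported encryption (AES?)")
            report.append(entry)
    return report


def build_sample() -> bytes:
    """Constructed, unencrypted stand-in for the suspicious attachment (zipfile
    cannot write encrypted archives); the password is simply ignored for it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("drawing.dwg", b"not really a CAD file")
        zf.writestr("drawing.dwg.exe", b"MZ placeholder, constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    for e in triage_zip(build_sample(), password=b"1234567"):
        print(e)
```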