I’ve received a response on a response I made to a job ad. It contains an attached text document that is supposed to be a more complete job description and a form I need to fill out. For a variety of reasons, I’m a little suspicious of the response – it’s not an obvious scam like many of the ones I’ve encountered online and tossed away, there’s SOME indication it is legit: but it could also be a slightly more subtle iteration of the phishing scams I’ve seen. I’d like to open the document to see what it is, but I’m not about to unless I know it’s not full of wormy trojans, malware and general badness.
I have noticed that Yahoo checks my uploads for viruses before allowing them to be sent, so my first question is: are attachments in Yahoo emails generally safe? I know links can lead to malware sites that will automatically upload key capture programs and such, but … what’s the deal with attachments?
Second question: my wife uses a Mac, can I send her the email and let her open it? Will the Mac OS keep her computer safe? Very few viruses are made for Macs.
Third question: is there any way I can scan the attachment for viruses/malware while they’re still on Yahoo’s servers?
I also assume that you have Windows set to show file extensions. For example
Hamish.txt is fine
But if I have Windows set to not show file extensions (which is the default), it could be
Hamish.txt.exe
To find out
Open Windows Explorer
Goto Tools Menu ->Folder Options…
Click View tab.
Uncheck ‘Hide file extensions for known file types’
Also be sure it’s not something like
hamish.txt…exe
Notice the spaces between txt and .exe to try and fool you
If it’s an actual .txt file you’re safe. Txt files are not executable
A text file may be used in the process of helping other malware. For instance, malware may install secretly and then this malware will read the txt file to execute it’s code.
They can contain scripts or exploits that allow execution of code. Scripts are (normally) disabled and won’t execute without your permission. But even then, there are exploits that take advantage of bugs in the program. If you’ve kept up with all of the Office patches, you’ve probably fixed most of the exploitable bugs. But not all.
The fact that is a .doc file “disguised” as .txt is very suspicious. I’d assume it’s malicious.
.doc files are not normally executable but in this case it might be.
Programs like Excel, Word and the like allow you to use macros and these can contain viruses and be executable.
A .doc file is safe, but a .doc file that has a macro in it may not be. And you can’t tell unless you open it, if it has or has not got a macro it.
If you have a good virus detector, the easiest solution is to save it to your computer, but don’t open it. Then run a scan on it with your antivirus and antimalware programs. You need to run both antivirus (like Microsoft Security or Avast or AVG) as well as antimalware such as Malwarebytes
If it doesn’t comes up, make a restore point on your computer then open it
Yahoo Mail has a built in antivirus scanner. But if you do not find this sufficiently safe, try opening it in Wordpad, rather than Word. Or in something like Open Office or AbiWord. None of these are even capable of running the types of macros DOC files use.
Ah, got it. That reduces my suspicions greatly, but it’s still prudent to open with something other than MS Word.
Another alternative, on top of those mentioned already, is Google Docs. That would let you view (and edit) without even downloading it, but you’d need a gmail or google docs account.
Assuming you have a version of Word newer than 1997, macros & such are disabled by default. So opening it ought to be safe.
If as you open it Word pops up a dialog warning about macros and asking if you want to enable them, *then *it’d be a good idea to say “no” and assume the file is malicious.
My wife opened it in the Mac, there were no problems with it from a worm, virusy consideration but my suspicions had grounds … it was an invitation to take a job “handling packages” for which I would be paid for $35 for each “handling” and some banking transactions, of course. In short, a scam. I’ll send it to the FBI, I’ve never seen one of these where they use a legitimate company as cover before.
You guys do realize that the Mac version of office also has vulnerabilities, right?
In which case it wouldn’t have helped much.
And you also know that even though most viruses are not targeted towards Macs, Macs aren’t magically immune to them or to other, much more viable forms of computer attacks (viruses are so passe), right?
OP, you should always have a virus scanner and protection on your PC, regardless of whether you are running windows or OSx.
And your office settings should be set to deny Macro use unless you allow it manually.
My wife used the bare-bones Text Edit program that comes with the Mac to open it (kinda like Wordpad). So, not so likely to be a problem. I did see there were vulnerabilities with Word for the Mac and Microsoft Office for the Mac, neither of which she uses. And we are aware that there are viruses written for the Mac, but also, not nearly as many as are written for the Windows OS. My computer is protected from viruses, but I still try to stay around from known sources of them, for example, porn sites with .ru extensions etc. Thanks for your concern!
Note that the “always show extension” setting doesn’t work 100% of the time. MS-Windows still will cut off a file name ending with “.url” (i.e., a link to a web page). So a file called “safe.txt.url” will appear as just “safe.txt” in MS-Windows. There is a registry patch to fix this. (But then your bookmarks in IE and such will appears as “www.site.com.url” for example.)
So clicking on a file you downloaded with a “safe” extension might instead open up a web page on a site loaded with malware.
But if you are looking at the file name inside Yahoo!'s email program, you should see the full name.
OTOH, due to alphabet encodings, something that might look like one character in the Roman alphabet is really another character in another font. So a link
to amazon.com, the first “o” might night really be an “o” and clicking on it takes you to some place evil.
So, never trust a file name, a link or an extension or …
One good solution for checking out a .doc file and avoiding any potentially malicious code embedded into it is to upload it to Google Docs and let them parse it for you.