/srv/irclogs.ubuntu.com/2019/10/01/#ubuntu-us-mi.txt

[18:18] <jrwren> open office file format is now being used like ms office documents to attack windows desktops: https://blog.talosintelligence.com/2019/09/odt-malware-twist.html
[18:18] <jrwren> i guess that is the drawback of MS optionally adopting libreoffice formats
[18:21] <cmaloney> I think that's also a drawback of using extensions to determine file type
[18:23] <jrwren> huh?
[18:24] <jrwren> extension is not mentioned at all AFAICT. ODT file format is mentioned.
[18:24] <cmaloney> It looks like the anti-virus stuff isn't catching this because it's a .odt file
[18:24] <cmaloney> which it treats as a pkzip file
[18:24] <jrwren> I did not read it that way at all.
[18:25] <jrwren> I read it as it doesn't know the ODT format.
[18:25] <cmaloney> There have recently been multiple malware campaigns using this file type that are able to avoid antivirus detection, due to the fact that these engines view ODT files as standard archives and don't apply the same rules they normally would for an Office document. We also identified several sandboxes that fail to analyze ODT documents, as it is considered an archive, and the sandbox won't open the document
[18:25] <cmaloney> as a Microsoft Office file. Because of this, an attacker can use ODT files to deliver malware that would normally get blocked by traditional antivirus software
[18:25] <cmaloney> We only found a few samples where this file format was used. The majority of these campaigns using malicious documents still rely on the Microsoft Office file format, but these cases show that the ODT file format could be used in the future at a more successful rate. In this blog post, we'll walk through three cases of OpenDocument usage. The first two cases target Microsoft Office, while the third one
[18:25] <cmaloney> targets only OpenOffice and LibreOffice users. We do not know at this time if these samples were used simply for testing or a more malicious context.
[18:26] <jrwren> maybe we are saying the same thing but from different ends.
[18:28] <cmaloney> possibly
[18:28] <cmaloney> my contention is that treating files differently based on file extension is really not healthy
[19:02] <jrwren> yup... magic is better ;)
[19:13] <cmaloney> Well, with Systemd I'm sure "files" will no longer be an issue. ;)
[19:13] <cmaloney> We'll reinvent resource forks
[19:17] <jrwren> EAs can hold a lot of data
[19:17] <jrwren> xtrs all the datas

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!