2

I have my own Office 365 tenant, and yesterday I got an email from the IT manager of an eligible chemical company in India, where the email contains a password-protected PDF. The email did not go to my junk. So (I know that I should not have done this for security purposes) inside my Outlook desktop application inside my Windows 11, I clicked on the attachment where I got a dialog to enter the password.

At that time, I felt there might be something wrong so I did not enter the PDF password, and I closed the PDF and removed the whole email from my Inbox and Trash folders.

Here is the email I got after I hid the personal info:


So could I have harmed my PC or email account? I have a licensed AVG Internet Security antivirus which is up to date and my Windows 11 is up to date and has all the updates installed. I ran a full virus scan and AVG Internet Security did not report anything. I also restarted my Office 365 email password and my Outlook email password since I am using both inside my Outlook desktop application.

I contacted the company that sent the email through their info email, and I replied to the message asking the user about the email. Also, I contacted the person on LinkedIn, but did not get any reply.

Any further advice? And what could be my current situation?

3
  • 2
    All we can do is guess. If it was actually a true PDF, then the password prompt would have to have been entered before anything in the PDF could be triggered. But it could have not been a PDF but a program to look like a PDF, in which case, anything could have happened. However, that's unlikely, but not impossible. Commented Oct 12, 2024 at 9:56
  • @schroeder OK, so let's take the worst-case scenario, and it was malware that looks like a PDF with a password dialog. Then what can I do now? My Windows 11 is up to date and I have AVG anti-virus. Nothing raised anything when I opened the file, and I did a full scan and nothing was mentioned. Commented Oct 12, 2024 at 11:33
  • We can't tell you what to do because malware doesn't do only one thing. In short, you look for evidence of infection, and if there is, you wipe the device and rebuild from backup data. Commented Oct 13, 2024 at 16:57

2 Answers 2

2

Yes, even a password-protected PDF file could hold malicious links or functions (that could be triggered before the password prompt)!!

Technical

If you're not confident about the source of your PDF file, having it protected by a password won't attest that this file is clean!

Once you have clicked on the file to open it, as PostScript is a programming language, there is no way to be sure it doesn't do anything before asking you for a password.

To ensure the source of the file, you may want the sender of the file to sign the PDF file before sending it! (No password is needed to verify a signature!) This will attest the sender of the file, but if you don't know them, this won't improve confidence much!

In fact, the only way to be confident is to be confident about the creator of the file! The creator should then sign their file (and keep their private key secure). Then you could verify the file's signature before opening.

How to safely read a suspicious file

There are a lot of ways, depending on your knowledge, your environment and your habits.
If you don't know what you are doing, it is better not to do it.

I personally use hd and strings first, in order to search for malicious code. Then pdftotext, but in a sandbox, or even gs -sDEVICE=png16m ..., for example.

Please read further information in these questions:

Regarding the mail you posted and your description

If I said something like "There is a very low chance this file is dangerous", the fact that you wrote: "the person on LinkedIn, but did not get any reply" would cause me concern!

"The AVG Internet security did not report anything!"

If a hacker targets your company, they could create specific malware using the PostScript language!

In this case, this will be a new virus, so there is a low chance your anti-virus will detect it!

11
  • 1
    @Hauri - Give Up GitHub OK, thanks for the reply. I do not want to send any file; this is not my main concern. So could I have harmed my laptop since I clicked on the PDF attachment? If the answer is yes, then what do I need to do to minimize any risk? Again, I did not enter the password inside the password dialog. Commented Oct 11, 2024 at 12:42
  • 1
    You could ask the sender to do so if it's a collaborative third person... Commented Oct 11, 2024 at 13:11
  • 1
    The OP did not open the file, only got the password prompt. Could "malicious links and functions" apply if the file isn't fully opened? Commented Oct 12, 2024 at 9:46
  • 1
    @schroeder Again: As PostScript is a full programming language, there is no way to be sure the password prompt is not a fake! Commented Oct 12, 2024 at 10:02
  • @F.Hauri-GiveUpGitHub OK, so if we take the worst-case scenario, and assuming the attachment was malware that looks like a PDF with a password dialog, then what can I do now? My Windows 11 was up to date and I have AVG anti-virus. Nothing raised anything when I opened the file, and I did a full scan and nothing was mentioned that I am infected. Commented Oct 12, 2024 at 11:33
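
The static look that the answer above describes with hd and strings, together with the case raised in the comments of a program that only looks like a PDF, written out as an added Python example (it is not code from any poster in this thread). The key list, the function names `triage` and `count_name`, and the sample bytes are assumptions made for illustration.

```python
import re

# PDF name keys that trigger behaviour on open or click.
ACTIVE_KEYS = [b"/OpenAction", b"/AA", b"/JavaScript", b"/JS", b"/Launch",
               b"/EmbeddedFile", b"/URI"]
# Leading bytes of other file types that can be mailed under a .pdf name or icon.
IMPOSTORS = {b"MZ": "Windows executable", b"PK\x03\x04": "ZIP or Office container",
             b"\xd0\xcf\x11\xe0": "OLE2 document", b"<!DO": "HTML page",
             b"<htm": "HTML page"}

def count_name(data: bytes, key: bytes) -> int:
    # Match the whole name only, so /JS does not also count /JSomething.
    return len(re.findall(re.escape(key) + rb"(?![A-Za-z0-9])", data))

def triage(data: bytes) -> dict:
    """Static look at attachment bytes. Nothing is rendered or executed."""
    report = {"kind": "unknown", "encrypted": False, "active": {}, "verdict": "not-a-pdf"}
    for magic, label in IMPOSTORS.items():
        if data.startswith(magic):
            report["kind"] = label
            return report
    if b"%PDF-" not in data[:1024]:   # viewers accept the header near the start
        return report
    report["kind"] = "PDF"
    # Names may be written with #xx hex escapes (/J#53 is /JS); undo that first.
    plain = re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)
    report["encrypted"] = count_name(plain, b"/Encrypt") > 0
    report["active"] = {k.decode(): n for k in ACTIVE_KEYS if (n := count_name(plain, k))}
    report["verdict"] = "pdf-active-keys" if report["active"] else "pdf-no-active-keys-seen"
    return report

# Constructed samples, not the attachment from the question.
SAMPLE_PDF = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
              b"3 0 obj\n<< /S /JavaScript /J#53 (x) >>\nendobj\n"
              b"trailer\n<< /Root 1 0 R /Encrypt 5 0 R >>\n%%EOF\n")
SAMPLE_EXE = b"MZ\x90\x00" + b"\x00" * 60

if __name__ == "__main__":
    for name, blob in (("sample.pdf", SAMPLE_PDF), ("invoice.pdf.exe", SAMPLE_EXE)):
        print(name, triage(blob))
```

A result with no active keys is not proof that a file is clean, because objects can sit inside compressed object streams that this byte scan does not unpack.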
0

Could I have harmed my PC or email account?

It’s highly likely you haven’t:

  1. You never downloaded it. That was smart.
  2. A recently asked question asked whether ‘viewing’ a potentially malicious PDF in their email in the browser was dangerous: according to the top answer, it’s not very dangerous.
  3. The password-protected part probably actually helped you, assuming that it legitimately was password-protected. The contents of the PDF are probably encrypted before a correct password is entered. Encrypting malware often (but not always) makes it less dangerous.
6
  • 1
    What does "not very dangerous" mean? Still dangerous, but not very? Could this be dangerous or not? Please keep in mind: PDF is an extension of PostScript and PostScript is a complex programming language! So yes, if you don't trust the emitter, take care!! Commented Oct 12, 2024 at 8:58
  • 1
    File was opened in the desktop Outlook. So your points 1&2 don't apply. "encrypting malware often (but not always) makes it less dangerous" -- I think I know what you meant to say with that, but as written, it's demonstrably incorrect. Commented Oct 12, 2024 at 9:51
  • 1
    @schroeder My first point does apply, because as far as I'm aware, downloading a file and getting emailed a file are not even remotely similar. As for my second point, I don't have any concrete evidence for this but it seems likely that in terms of file handling in this context, the Outlook application and Outlook webapp would behave similarly. And as for my third point, your comment: "If it was actually a true PDF, then the password prompt would have to have been entered before anything in the PDF could be triggered" is exactly the point I made, just in slightly worse phrasing. Commented Oct 12, 2024 at 11:05
  • 1
    I am not arguing to be pedantic, I am arguing because I feel like you have unfairly written off my answer as something completely different to what it is… Commented Oct 12, 2024 at 11:05
  • @security_paranoid So let's take the worst-case scenario, and it was malware that looks like a PDF with a password dialog. Then what can I do now? My Windows 11 is up to date and I have AVG anti-virus. Nothing raised anything when I opened the file, and I did a full scan and nothing was mentioned. Commented Oct 12, 2024 at 11:32
