Category Archives: Macro Security

Banking information

“Bigitte Gosselin brigitte.gosselin¬†” ( faked e-mail address innocent person )
Hi, PF!
Downloadable File – 63 KB

( PF is not a valid name it is a reference to: Packet Filter, also written pf) is a BSD licensed stateful packet filter, a central piece of software for firewalling. It is comparable to netfilter (iptables), ipfw and ipfilter. PF was developed for OpenBSD, but has been ported to many other operating systems. They have used a robot crawler, that has lifted the title of a book rather than an actual name )

“I am disturbing you for a very serious cause. Allhough we are not familiar, but I have considerable ammount of information about you. The fact is that, most likely by mistake, the information about your account has been emailed to me.
For instance, your address is:”
( the address is a protected domain address meaning the registration details are registered to a company that protects the identity of domain name owners. ).

“I am a law-abiding citizen, so I decided to warn may have been hacked. I pinned the file – that I received, that you could examine what info has become accessible for attackers. Document password is – 7706

Brigitte Gosselin”

( Traced original sender it is from China, and it seems to be an actual small work from home business. The document is password protected and it is a micro virus for Microsoft Windows, and relies on being opened when the user has a Internet connected  computer at the time of opening. It then would make a connection to an Internet site it attempts to steal passwords and put spyware on a Windows computer system it looks for banking information. On a UNIX/Linux system LibreOffice, default security would stop the code from running ( Macro Security default ). The robot crawler seems to be crawling eBay. Although I have never used eBay I once did a review on PF and that is why it is confused PF with my name. I traced the IP address among the fake IP address to China. It seems to be a small home business.
The website at the moment is scanning clear. Virus scanners are giving it the all clear. Explained its function and passed it on to Kaspersky. 30/03/2017. ).