Attached file WTF



  • This weekend I received an email from a local recruiter with the listing of his current jobs in some attached files. The files he attached to the email ended with ".pdf.exe" and ".docx.exe"



    When I emailed him back just to check that he really did use those names, and insinuating just maybe he might have been hacked, he replied that that yes, those were the intended names.



    This is a tech recruiter. This is an experienced recruiter. And when I removed the '.exe" part, they were indeed .pdf and .docx files



  • @OzPeter said:

    This is a tech recruiter. This is an experienced recruiter.
    Excised irrelevant words for you.



  • You just need to look at it from his point of view...

     

    "Daht eee ack see" is a holy phrase which must be spoken to appease the spirits who inhabit the server of the mail.  If you don't say that at the end of every file name the attachment will be struck by thunder and lightning once it leaves your "dehs-tahp" and you will look foolish for sending an email with no attachments.

    Once, a guy who knows a guy who used to work here tried to send an attachment and it didn't work.  So he used the magic phrase and made everything better.   Are you unable to email the master control program which runs your entire accounting system?  Just change the name from "runme.vbs" to "runme.vbs.exe" and all will be made better.  Photos from the office party not going through?  Change "SCAN TO SELF.jpeg.zip" to "SCAN TO SELF.jpeg.zip.exe".  Mail keeps coming back with an incomprehensible "There is no DNS server that can resolve this email address" message no matter how many times you try?  Just change the address from "abcwidgets@gmail" to "abcwidgets@gmail.exe" and Bob's your uncle.


     



  • @DCRoss said:

    Once, a guy who knows a guy who used to work here tried to send an attachment and it didn't work.  So he used the magic phrase and made everything better.   Are you unable to email the master control program which runs your entire accounting system?  Just change the name from "runme.vbs" to "runme.vbs.exe" and all will be made better.

    Strange. The mail system at my former job summarily deleted anything with .exe extension and anything with corresponding magic number and any archive that contained such thing. The only way to get .exe through it was in an encrypted zip archive. Even if you used the "mail code" that was usually needed to get any attachment through. It was a WTF, but mail system that rejects other attachments but accepts .exe is even bigger WTF.



  • @Bulb said:

    The only way to get .exe through it was in an encrypted zip archive.

    What about other archive formats? Like rar, 7z, tar or even gz?


  • Discourse touched me in a no-no place

    @Zemm said:

    @Bulb said:
    The only way to get .exe through it was in an encrypted zip archive.

    What about other archive formats? Like rar, 7z, tar or even gz?

    I get the impression that .rot128 would suffice to get through those sort of filters.


Log in to reply