tom982 Emeritus Joined May 31, 2012 Posts 4,352 Location New York May 24, 2017 #1 With the recent WannaCry outbreak, I decided to conduct a little test on my family to see if they would open an email attachment from me with a .docx.exe 'extension'. I knocked together a quick Wana Decrypt0r 2.0 clone that would display a message after 10 seconds, which should be long enough for the panic to set in without them doing anything drastic. It has a Word 2017 icon so it should look the part. Not sure if anyone else here will find a need for this, but I'm sharing it in case someone wants it. It's 100% safe, just a GUI and nothing else. View attachment 26321 View attachment WanaTest.exe.zip Will post the results tomorrow :) Edit: Underestimated the protections in Outlook, could be a bit harder to do this. I'll update this post when I fix it. Last edited: May 24, 2017
With the recent WannaCry outbreak, I decided to conduct a little test on my family to see if they would open an email attachment from me with a .docx.exe 'extension'. I knocked together a quick Wana Decrypt0r 2.0 clone that would display a message after 10 seconds, which should be long enough for the panic to set in without them doing anything drastic. It has a Word 2017 icon so it should look the part. Not sure if anyone else here will find a need for this, but I'm sharing it in case someone wants it. It's 100% safe, just a GUI and nothing else. View attachment 26321 View attachment WanaTest.exe.zip Will post the results tomorrow :) Edit: Underestimated the protections in Outlook, could be a bit harder to do this. I'll update this post when I fix it.
AceInfinity Emeritus, Contributor Joined Feb 21, 2012 Posts 1,728 Location Canada Jun 6, 2017 #2 Nice, I think there needs to be an outbreak of tests like this to prepare the average user for things like this because email-based viruses have been around for ages and unfortunately are still (apparently) a reliable method of spreading viruses.
Nice, I think there needs to be an outbreak of tests like this to prepare the average user for things like this because email-based viruses have been around for ages and unfortunately are still (apparently) a reliable method of spreading viruses.
tom982 Emeritus Joined May 31, 2012 Posts 4,352 Location New York Jun 6, 2017 #3 Don't suppose you have a spare 0-day? Haven't yet tested this, but hope to this week. I didn't realise Outlook blocked .exe files, so I've had to make a spreadsheet with a macro to download and execute the file from my server. Windows Defender only catches the exe (Heuristic Win32/Fuery.A!cl) after it's executed... great protection huh. Any future time the macro is run, the exe is deleted before being executed. Just need to come up with something to fill the spreadsheet with to convince them to click the "Enable editing" and "Run macros" buttons, without being at all targeting.
Don't suppose you have a spare 0-day? Haven't yet tested this, but hope to this week. I didn't realise Outlook blocked .exe files, so I've had to make a spreadsheet with a macro to download and execute the file from my server. Windows Defender only catches the exe (Heuristic Win32/Fuery.A!cl) after it's executed... great protection huh. Any future time the macro is run, the exe is deleted before being executed. Just need to come up with something to fill the spreadsheet with to convince them to click the "Enable editing" and "Run macros" buttons, without being at all targeting.