Hello, welcome to the Monday, July 24th, 2017 edition of the Sandtonet Storm Center's Stormcast. My name is

Johannes Ulrich, and today I'm recording from Washington, D.C. I'm here at Sands Fire, of course, this week.

Now, if you are attending, we do have our handler panel in the evening on Monday 7.30. It starts. You

need to have a conference badge in order to attend. We do have about a dozen different

handlers present to talk about what we sort of saw of interest last year. Also, Mark Sachs will be attending with his collection of

crypto machines. I think it's probably now one of the largest private collections of

crypto machines that he'll bring along, including his enigma and a number of other rather unique

machines.

But in other news, we do have an interesting diary by DDA.

DDA is writing about how ISO attachments are being used to infect users with malware.

Typically, ISO files are, of course, images of CD of CD ROMs or DVDs.

And now in this particular case, these ISO files will be mounted automatically by recent versions of Windows,

which will then expose malicious executables that are contained within the ISO file. DDS talking a little bit about how to analyze these attachments, how to extract the executable from them. So if you received any

attachments like that, of course, you may find it helpful to get you started in figuring out what the attachment

exactly contained. And NDDA also was lucky enough to receive another office document that was

spreading link files. Now, in a prior diary that he wrote,

that looked at one of those link files,

there wasn't really much metadata in it.

In this latest example,

he has a little bit more data telling us

more about the particular author of this sample.

The machine name was Frank, and we also have a volume

...