Security News > 2023 > July > Google Virus Total leaks list of spooky email addresses

Non-executable files containing malware were rarely shared, and could easily and automatically be identified if you tried to share one by mistake because they lacked the tell-tale starting bytes of a typical program file.

Firstly, numerous malware families sneakily store at least some of their own needed data as added information in the personal part of such files, so that trying to bowdlerise, redact or rewrite the sensitive, "Unsharable" parts of the file causes the malware to stop working, or to behave differently.

A file containing a structured list of some 5600 names, email addresses and cybersecurity affiliations of Virus Total customers was uploaded to Virus Total's scanning-and-sharing service by mistake.

Ask yourself how many different file upload services your own company uses for various purposes, and whether you would back yourself never to put the right file in the wrong place yourself.

If you've ever sent the right email to the wrong person, you should assume that uploading the right file to the wrong place is the sort of mistake that you, too, could make, leaving you asking yourself, "What was I thinking?".

We're willing to bet that the Google employee who uploaded the wrong file in this incident would much rather be sitting down right now to negotiate with the IT department about having overly strict upload restrictions relaxed.

News URL

https://nakedsecurity.sophos.com/2023/07/19/google-virus-total-leaks-list-of-spooky-email-addresses/