phishing or virus email

Discussion of items in the "What's New" log.

phishing or virus email

Postby info » Tue May 03, 2005 2:47 am

I just got bounceback emails from several servers regarding a forged message claiming to be from info at spamgourmet.com. The messages have an attachment with instructions to open it. If you get one of these, DON'T OPEN IT. Just delete the message. Not sure where it came from, or why someone would be be interested in targeting spamgourmet users, but there you go...

This happens a lot, but this particular message had some more care taken by the sender, in that it was forged to be from the "official" spamgourmet contact email, and had a link to our site.
Last edited by info on Tue May 03, 2005 3:26 am, edited 1 time in total.
info
Site Admin
 
Posts: 100
Joined: Thu Aug 28, 2003 12:54 pm

Postby info » Tue May 03, 2005 3:24 am

The bouncebacks I got had a subject:

Code: Select all
Subject: Registration Confirmation


and the body was like:

Code: Select all
Account and Password Information are attached!

Visit: http://www.spamgourmet.com

*** AntiVirus: No Virus found
*** "HOTMAIL" Anti-Virus
*** http://www.hotmail.com
info
Site Admin
 
Posts: 100
Joined: Thu Aug 28, 2003 12:54 pm

i recieved one

Postby djdd » Wed May 04, 2005 12:58 am

i recieved one of those messages but i don't recal if it was sent from spamgourmet or not.
djdd
 

Postby josh » Wed May 04, 2005 3:42 pm

Like pretty much all of these efforts, this one turns out to not be spamgourmet-specific, either -- it's just a recipe that takes the domain from the intended victim's email address and creates a link to 'www.[domain]' in the email. What struck me about this one is that it was using 'info' as the forged From: address, rather than 'admin', but now I've seen the 'admin' ones, too.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Postby LikwidFlux » Wed May 04, 2005 6:18 pm

I get one of these a day ;)

You'd have to be a moron to open these.
LikwidFlux
 

Postby Guest » Fri Jun 17, 2005 11:39 pm

I got three in my junk email today 1. welcoming me, 2. telling me my password was changed, 3. warning my that my address has been used to spam.

Sadly I replied to one before I came here to check. they were probably harvesting REAL email accounts. I did NOT open the attached file of course but did reply...sigh. I guess my real account will be hit in the next few days.
Guest
 

Postby josh » Tue Jun 21, 2005 12:13 am

Also, remember that if it's sent *to* a spamgourmet address, then it'll certainly go *through* spamgourmet on its way to you. That makes reading the headers difficult -- you'll see the spamgourmet server listed, but it won't be the first server.

General rules of thumb, though:

1) we don't send email to our users, except in reply, pretty much ever.

2) if we ever did send email to a user that wasn't a reply, it definitely, positively, absolutely wouldn't have an attachment.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Postby Jim27106 » Sun Mar 05, 2006 8:26 am

I tell my students to tell their friends to not open attachments unless it is from a trusted source and an expected attachment.

I then review three scenarios.
1) So, if you get an attachment from a dippy manager with the budget as an attachment called BudgetForecast.xls, scan it first.

2) And if you get an attachment from me (a trusted source :-)) out of the blue called GreatMovie.scr, scan it first.

3) If you get an attachment called questions.doc from a fool out of the blue asking why you visited illegal sites then you should just delete it.
Jim27106
 
Posts: 91
Joined: Sun Mar 05, 2006 8:07 am

Postby SysKoll » Mon Mar 06, 2006 1:37 am

I have a better solution: open suspicious MS OFfice attachments using OpenOffice. Yes, it's available on Windows, and it purposely does not execute code within data files (e.g., DOC or XLS files).

MS Office's inept design flaw of running arbitrary code within a data file makes Office a security liability. You cannot entrust a confidential file to a machine running Windows because of the number of Trojans these days. Many Trojans are propagated by Office files, ESPECIALLY these cute animations in Powerpoint format.

The really security-conscious people would either ditch Windows or use a sandbagged instance of Windows running as a guest OS inside VMWare on Linux.
-- SysKoll
SysKoll
 
Posts: 889
Joined: Thu Aug 28, 2003 9:24 pm


Return to What's New

Who is online

Users browsing this forum: No registered users and 2 guests

cron