[clue-admin] Virus and a Joe Job
Collins Richey
crichey at gmail.com
Fri Feb 3 16:54:14 MST 2006
On 2/3/06, Jed S. Baer <thag at frii.com> wrote:
> I got a "bounce" message from Postfix, and it appears that maybe what's
> happening it that somebody is sending out bogus CLUE membership e-mails,
> in an attemtp to spread a piece of malware. I dunno what it is, because
> unzip says it's a corrupted zip file.
>
> The "vector" appears as originating from 216.145.68.23, and here are what
> I think are the orginal headers:
>
> Received: by clue.denver.co.us (Postfix)
> id 28AD8500C2; Fri, 3 Feb 2006 07:55:44 -0700 (MST)
> Delivered-To: jccann at cluedenver.org
> Received: from clue.denver.co.us (unknown [216.145.68.238])
> by clue.denver.co.us (Postfix) with ESMTP id 85DDD5008D
> for <president at clue.denver.co.us>; Fri, 3 Feb 2006 07:55:42 -0700
> <BR><STRONG>Dear Clue Member, </STRONG><BR>
> <BR>We have temporarily suspended your email account
> president at clue.denver.co.us.<BR>
>
> Mostly, I wonder how widespread this is. It's kinda tough to imagine a
> spoof such as this going out as just your average type virus. I mean, why
> the CLUE specific message?
>
I would say it's quite widespread. I get mal-mail of this sort every
day for [fill in the blanks organization]. The orgnaization [banks,
ebay, you name it] changes all the time. The scumbags try their best
to look legitimate, hoping that you will cough up your details. Maybe
you didn't respond to the one masquerading as a bank, but you use
Ebay, so you're tricked into responding.
It's JAS (just another scam).
--
Collins Richey
Debugging is twice as hard as writing the code ... If you write
the code as cleverly as possible, you are, by definition, not
smart enough to debug it.
-Brian Kernighan
_______________________________________________
CLUE-admin mailing list
CLUE-admin at cluedenver.org
http://cluedenver.org/mailman/listinfo/clue-admin
More information about the clue-admin
mailing list