|
Posted by JIP on December 5, 2005, 11:27 am
If you were Registered and logged in, you could reply and use other advanced thread options
Hi
My wife has been getting a lot of these of late. Some of them appear to be
genuine in that the body of the message contains an email that she sent out
(to old addresses, typing errors etc). However, some of them SAY something
was undeliverable, but require her to open an attachment to see the details.
She had the good sense not to do that, yet! So could anyone please advise,
do messages of this type usually have attachments, or is that the giveaway
that there's a "nasty" payload?
Many thanks
|
|
Posted by Dave Cohen on December 5, 2005, 12:03 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> Hi
>
> My wife has been getting a lot of these of late. Some of them appear to be
> genuine in that the body of the message contains an email that she sent
> out (to old addresses, typing errors etc). However, some of them SAY
> something was undeliverable, but require her to open an attachment to see
> the details. She had the good sense not to do that, yet! So could anyone
> please advise, do messages of this type usually have attachments, or is
> that the giveaway that there's a "nasty" payload?
>
> Many thanks
I've read that this is one of the methods used to spread malware.
Dave Cohen
|
|
Posted by John Coutts on December 5, 2005, 2:22 pm
If you were Registered and logged in, you could reply and use other advanced thread options
>
>Hi
>
>My wife has been getting a lot of these of late. Some of them appear to be
>genuine in that the body of the message contains an email that she sent out
>(to old addresses, typing errors etc). However, some of them SAY something
>was undeliverable, but require her to open an attachment to see the details.
>She had the good sense not to do that, yet! So could anyone please advise,
>do messages of this type usually have attachments, or is that the giveaway
>that there's a "nasty" payload?
>
>Many thanks
*************** REPLY SEPARATER ***************
You hit the nail on the head. and yes it is likely a virus (most likely a back
door trojan). The culprit will send an email to an address (usually unknown) on
a server that he knows will bounce the mail intact (complete with attachment)
using your address as the return address. It's a very sneaky way of making the
email looks semi legitimate. Mail bounces have become a major problem on the
Internet because many ISP's accept all mail to try and avoid dictionary
attacks, and then attempt to bounce them later. This not only facilitates the
type of mail that you have been receiving, but also creates a horrific volume
of useless connections. And the spammer cannot necessarily be blamed: it's the
software that allows him/her to take advantage of it.
J.A Coutts
|
|
Posted by Sanjaya on December 5, 2005, 6:55 pm
If you were Registered and logged in, you could reply and use other advanced thread options
[snip]
And the spammer cannot necessarily be blamed: it's the
> software that allows him/her to take advantage of it.
>
um... like "the guy who pulled the trigger isn't the killer... Smith and Wesson
is"?
|
|
Posted by Hoosier Daddy on December 5, 2005, 8:39 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> Hi
>
> My wife has been getting a lot of these of late. Some of them appear to be
> genuine in that the body of the message contains an email that she sent out
> (to old addresses, typing errors etc). However, some of them SAY something
> was undeliverable, but require her to open an attachment to see the details.
Both scenarios are common for legitimate bounces. Some malware uses this
fact as a way to trick users into executing them.
> She had the good sense not to do that, yet! So could anyone please advise,
> do messages of this type usually have attachments, or is that the giveaway
> that there's a "nasty" payload?
There is no danger in saving the attachments and opening them with a safe
application. IOW (and as a general rule) it is better to open the application
(maybe notepad?) and have it open the file than it is to rely on associations
with extensions which "should" invoke the application those extensions are
associated with. You could save the attachments and rename the extension
to .txt and double click - but it is safer to open notepad and browse to the
saved files and open them. IIRC I have seen .DAT and .ATT as filename
extensions and have heard that danger could exist for .DAT as some files
with that extension are executables.
I'm guessing that in your case they are legitimate bounces, but commend
you wife for not trusting them anyway.
HD
|
| Similar Threads | Posted | | AVG email scanner not sending messages | June 11, 2005, 7:04 pm |
| AVG email scanner hangs/continues to scan endlessly after email download | November 10, 2006, 10:21 am |
| AVG outgoing mail scan returns mail as "undeliverable" | March 22, 2006, 5:38 am |
| McAfee Email Proxy error with Eudora Email-crash! | August 10, 2006, 4:18 pm |
| Personality of outgoing messages | July 19, 2005, 4:11 pm |
| error messages suddenly | June 26, 2007, 2:24 pm |
| Mcafee virus alert messages | August 31, 2005, 1:36 am |
| Avast update error messages | May 2, 2007, 10:14 am |
| Is it possible to trace source of messages bearing Netsky.R or .Q? | July 2, 2005, 6:19 pm |
| FIrewall removing Outlook messages with attachments ! | October 22, 2007, 1:49 pm |
|
XML site map