Sunday, June 14, 2009

Preying on Fears...

I checked my SPAM box just for fun on one of my email accounts I only use for "giving out to places that may SPAM me"... and found something amusing. Someone is preying upon the craziness of the Internet to spread some malware... which isn't all that interesting except for I wonder how many people actually fall for this.

Yelling "FIRE!" in a movie theater will get people to get up and run, even if they don't see or smell a fire - it's no different on the 'net. Just a friendly reminder not to trust emails and to keep spreading the word to people who would otherwise not know better.

SPAM From: "Microsoft"
SPAM Subject: "Use this patch immediately!"
SPAM Content:
Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!
SPAM Attachment: patch.exe
SPAM Header:
From Microsoft Fri Jun 12 10:52:22 2009
Return-Path: <admin@duma.gov.ru>
Authentication-Results: mta142.sbc.mail.mud.yahoo.com from=microsoft.com; domainkeys=neutral (no sig); from=microsoft.com; dkim=neutral (no sig)
Received: from 204.127.208.83 (EHLO sccwmxc03.att.net) (204.127.208.83)
by mta142.sbc.mail.mud.yahoo.com with SMTP; Fri, 12 Jun 2009 10:52:22 -0700
Date: Fri, 12 Jun 2009 17:52:22 +0000 (GMT)
Received: from localhost (slip-12-64-120-75.mis.prserv.net[12.64.120.75](untrusted sender))
by att.net (sccwmxc03) with SMTP
id <20090612175216s0300gm37ae>; Fri, 12 Jun 2009 17:52:16 +0000
From: "Microsoft"
To: <********@att.net>
Subject: Use this patch immediately !
MIME-Version: 1.0
Content-Type: multipart/mixed;boundary="xxxx"
Content-Length: 12963
I do notice that Yahoo! does immediately dump this into the SPAM directory (hopefully because the domainkeys doesn't authenticate) but there should be a bigger warning! If the DomainKeys auth doesn't match there should be a big, blaring, impossible-to-miss flashing red sign on the header that says "THIS IS FORGED"... but that's just my suggestion.

No comments:

Google+