They don’t stop trying to be sneaky

A recent issue I’ve encountered recently is where the user receives the following e-mail:

 From: “Automatic Email Delivery Software” <postmaster@[ISP]>

Subject: Returned mail: see transcript for details

Dear user of [ISP],


We have received reports that your account has been used to send a huge amount of junk email messages during this week.

We suspect that your computer had been compromised and now runs a trojan proxy server.


Please follow our instruction in the attached file in order to keep your computer safe.


Best wishes,

The [ISP] support team. 

Prior to this, the user had been seeing bounce-back messages from places she had never e-mailed suggesting that either she did have such a trojan installed or her e-mail account had been hacked.  The above e-mail also included an attachment which supposedly contained instructions.

This has been seen in various configurations over the past week or so.  I was fairly confident that the trojan did not exist as the user has a Mac (although using a Mac doesn’t make you immune to nasty software, it does put you in a category of very low risk).  So, working on the assumption that the e-mail account had been hacked, I changed her passwords on every account she had with this ISP.

Some of the e-mails that she received purported to be from someone other than her ISP.  The body text was identical, however.  This made it an obvious clue that the e-mails were being sent by someone with less than honorable intentions.  The second clue is that the instructions referenced in the e-mails was an attachment.  In all cases the attachment was either a .SCR file or a .ZIP file containing a .SCR file.  The .SCR extension denotes a Windows screen saver (not likely to work on the Mac in question).  As such it is an executable file and likely contained some sort of bad thing, likely the “trojan proxy server” as referenced in the e-mail.

It is unfortunate that these kinds of bad things occur and try to snare people further by claiming to be something kind when they’re not.  Other recent scams have been the greeting card e-mails which make it seem like a friend sent you a nice electronic card but you click on the link to go to the site and all havoc is wrought on your computer as a result.

Keeping yourself safe is becoming more of a challenge these days, especially when a new avenue of attack comes around (the greeting card method grabbed many by surprise before it became published in tech industry news).  The general advice is still the same:  Keep your anti-virus, anti-spyware, firewall, and operating system software up to date; if something comes through all that and still looks suspicious, ask someone you know to be more knowledgeable than yourself to take a second look at it.

Tags: , , , ,

Comments are closed.