Even though I touched on the thought of dumping my E-Mail address in my latest Rant, I have not done so. This should not be much of a surprise since I posted My E-Mail Address Rant only a few hours ago. However, just a couple of those hours ago, I started to get, yet again, a virus that no information is posted about (that I have found).
The techniques to try and get people to "open that attachment" and infect systems really make me laugh! I touched on several in my Free Beer Rant, but the following E-Mail(s) look like a new strain as sarc.com has nothing about it (yet). I am going to say it here and again at the end of this news post:
Everyone, I beg of you, STOP OPENING E-MAIL ATTACHMENTS!!!
Here is a cut and paste from the source of the header, with minor modifications to protect the innocent as well as the guilty:
From - Tue Mar 02 22:49:35 2004
X-UIDL: UOSVJKZ.CNM306272A5
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
Received: from spooler by mail.blackviper.com (Mercury/32 v4.01a); 2 Mar 2004 20:24:13 -0800
X-Envelope-To: <BVEDIT: REMOVED MY ADDRESS>
Return-path: <BVEDIT: REMOVED SPOOFED ADDRESS>
Received: from BASEMENTDELL (<BVEDIT: REMOVED ACTUAL IP ADDRESS>) by BVEDIT: REMOVED MY EMAIL SERVERS NAME (Mercury/32 v4.01a) ID MG000340; 2 Mar 2004 20:24:02 -0800
Date: Tue, 02 Mar 2004 22:23:26 -0600
To: BVEDIT: REMOVED MY ADDRESS
Subject: Email account utilization warning.
From: management@blkviper.com
Message-ID: <uxiyxiekwqaljwgovss@blkviper.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--------ijrpvnyimxgnxhemlxek"
----------ijrpvnyimxgnxhemlxek
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Now the actual readable text:
Dear user, the management of Blkviper.com mailing system wants to let you know that,
We warn you about some attacks on your e-mail account. Your computer may contain viruses, in order to keep your computer and e-mail account safe, please, follow the instructions.
Further details can be obtained from attached file.
Kind regards, The Blkviper.com team
https://www.blackviper.com
The following is just a small snapshot of the attachment information:
Content-Type: application/octet-stream; name="Readme.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Readme.pif"
<BVEDIT: REMOVED BASE64 ENCODED VIRUS>
----------ijrpvnyimxgnxhemlxek--
Now, a few points to notice here:
- The grammar is pathetic. Much worse than mine. Regardless, it "looks" like an E-Mail that is automatically generated with random sentences. It is not "really" obvious in the above text because I have my HTML editor set up to "not allow more than one space." Several extra spaces exist between "chunks of words" in the E-Mail that suggest randomized content. However, notice the comma at the end of sentence one? Big giveaway.
- The "from" E-Mail address does not exist and never has.
- The message ID of "uxiyxiekwqaljwgovss@blkviper.com" is not valid. I know this because the message ID format my E-Mail server actually does generate is located on the Received line: MG000340.
An E-Mail I received only six minutes later had exactly the same subject line "Email account utilization warning." and many similar qualities like the first sentence:
Dear user, the management of Blkviper.com mailing system wants to let you know that,
Your e-mail account has been temporary disabled because of unauthorized access. For further details see the attach.
For security reasons attached file is password protected. The password is "55885".
Have a good day,The Blkviper.com team
https://www.blackviper.com
An attachment named "Document.zip" was there. Also, again, the "from" address it seems to originate from is not valid, but instead of "management@" it is "support@". The second one originates from a different IP address, however.
Pathetic. Absolutely pathetic. Everyone, I beg of you: STOP OPENING E-MAIL ATTACHMENTS!!!
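The warning signs in the two messages above (a "from" domain that is almost, but not quite, the recipient's own, a .pif attachment, and a zip whose password is given in the body) can be checked mechanically at the mail gateway. The Python below is an added example, not part of the original post; the two sample messages are constructed stand-ins with harmless attachment bytes, and the placeholder recipient, the extension list and the 0.8 similarity threshold are assumptions.

```python
import email.policy
import re
from difflib import SequenceMatcher
from email.message import EmailMessage
from email.utils import parseaddr

# Extensions Windows runs directly; ".pif" is the one seen on this page.
EXECUTABLE_EXT = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd"}
PASSWORD_HINT = re.compile(r'password\s+is\s+"?\w+', re.IGNORECASE)

def triage(raw: bytes, local_domain: str) -> list[str]:
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    findings = []
    # 1. From domain that is close to, but not, the recipient's own domain.
    from_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    similarity = SequenceMatcher(None, from_domain, local_domain).ratio()
    if from_domain != local_domain and similarity >= 0.8:
        findings.append(f"lookalike-from:{from_domain}")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = "." + name.rpartition(".")[2].lower()
        # 2. Attachment that executes when opened.
        if ext in EXECUTABLE_EXT:
            findings.append(f"executable-attachment:{name}")
        # 3. Archive whose password is handed over in the same message.
        if ext == ".zip" and PASSWORD_HINT.search(text):
            findings.append(f"zip-with-password-in-body:{name}")
    return findings

def sample(sender: str, body: str, filename: str) -> bytes:
    """Build a constructed stand-in for the messages quoted on this page."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, "user@blackviper.com"  # placeholder recipient
    msg["Subject"] = "Email account utilization warning."
    msg.set_content(body)
    msg.add_attachment(b"harmless placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

FIRST = sample("management@blkviper.com",
               "Further details can be obtained from attached file.", "Readme.pif")
SECOND = sample("support@blkviper.com", 'For security reasons attached file is '
                'password protected. The password is "55885".', "Document.zip")

if __name__ == "__main__":
    print(triage(FIRST, "blackviper.com"), triage(SECOND, "blackviper.com"))
```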