Displaced Dragons!



 by: Seamus Dolly

While dragons are somewhat mystical and mythical, there exists another type of dragon. These ones are real enough and specialists at silent manoeuvres.

Unlike the dragons of legend, they come with help, or so it would seem.

Worms, mail worms or viruses: their names are less important than their actions.

Cutting to the chase, see the reality for yourself, and reason out your own reaction to such "helpful" mail:

START OF COPY

FROM Administration@myparticulardomain.com

SUBJECT Notify about using the e-mail account.

Dear user of myparticulardomain.com gateway e-mail server,

Our main mailing server will be temporary unavaible for next two days, to continue receiving mail in these days you have to configure our free auto-forwarding service.

Advanced details can be found in attached file.

For security purposes the attached file is password protected. Password is "77200".

Best wishes,

The myparticulardomain.com team


http://www.myparticulardomain.com

END OF COPY

Things to note about the above mail:

I replaced the name of my domain with “myparticulardomain”.

It also had an attachment, “Attach.zip (12.4KB)”.

There was double spacing between “Advanced” and “details”, and a similar deal with “For” and “security”.

“Unavailable” was misspelt.

MOST IMPORTANT THING. I didn’t or don’t need this type of “help”.

The following is another example:

START OF COPY

FROM MAILER-DAEMON

SUBJECT DELIVERY REPORTS ABOUT YOUR E-MAIL.

Dear user me@myparticulardomain

We have found that your email account has been used to send a huge amount of junk e-mail during the recent week.

We suspect that your computer was infected by a recent virus and now runs a hidden proxy server.

We recommend that you follow instructions in order to keep your computer safe.

Best wishes,

myparticulardomain.com user support team.

END OF COPY

Notes on the above mail:

I changed the email address and domain name, as with the first example. Otherwise, it is as delivered (some format change, of course).

It forgot to mention that it had an attachment.

The attachment was a “letter.zip (1.32KB)”.

I didn’t especially want this “help” either.

Conclusion. While there is no need to get paranoid, some care should be taken. Anyone can make mistakes, but proper administrators don’t make many, as their professional credibility is on the line. For example, they rarely assume that everyone will spot the attachment, rarely misspell, and almost never misspell often. Generally, they don’t send executables or attachments and will direct you to a U.R.L. or web address if something is needed. They are also aware of this sort of thing and always have webspace with instructions, or similar facilities.
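The warning signs noted for the two mails above can be checked mechanically. The following Python sketch is an added example, not part of the original article; the rule names, the `review` and `build_sample` helpers and the shortened sample bodies are assumptions constructed from the two mails quoted on this page.

```python
import re
from email.message import EmailMessage

ADMIN_NAMES = {"administration", "administrator", "admin", "mailer-daemon", "postmaster", "support"}
RISKY_EXT = (".zip", ".exe", ".scr", ".pif", ".bat")
PASSWORD_IN_BODY = re.compile(r"\bpassword\s+is\b", re.I)

def build_sample(sender, subject, body, attachment=None):
    """Build a constructed test message; the attachment bytes are a harmless placeholder."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg

def review(msg, my_domain):
    """Return the warning signs from the article that one message shows."""
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    names = [p.get_filename() for p in msg.iter_attachments() if p.get_filename()]
    # Simplification: assumes a bare address in From, with no display name.
    local, _, domain = str(msg.get("From", "")).strip().lower().partition("@")
    findings = []
    if any(n.lower().endswith(RISKY_EXT) for n in names):
        findings.append("archive-or-executable-attachment")
    if names and PASSWORD_IN_BODY.search(body):
        findings.append("password-for-attachment-in-body")
    if names and "attach" not in body.lower():
        findings.append("attachment-not-mentioned")
    if names and local in ADMIN_NAMES and domain in ("", my_domain):
        findings.append("admin-style-sender-with-attachment")
    return findings

# Constructed samples, abbreviated from the two mails quoted in this article.
FIRST = build_sample("Administration@myparticulardomain.com", "Notify about using the e-mail account.",
    'Advanced details can be found in attached file. Password is "77200".', "Attach.zip")
SECOND = build_sample("MAILER-DAEMON", "DELIVERY REPORTS ABOUT YOUR E-MAIL.",
    "We recommend that you follow instructions in order to keep your computer safe.", "letter.zip")
BENIGN = build_sample("Administration@myparticulardomain.com", "Planned maintenance",
    "Instructions are at http://www.myparticulardomain.com")

if __name__ == "__main__":
    for m in (FIRST, SECOND, BENIGN):
        print(m["Subject"], "->", review(m, "myparticulardomain.com"))
```

A notice that carries no attachment and points to a web address, as a proper administrator's would, produces no findings.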

So, while there are a million ways to infect unprotected machines, potential infections as above can be avoided, and avoided simply. IGNORE THEM. It is the frenzied call to action that can cloud the judgement, so TAKE YOUR TIME. As with a desert-induced mirage, a cup of water and the time to drink it can steady the nerves and dissolve the illusion.

I hope this helped to single out these sadistic serpents.