I’ve finally seen my first potentially believable e-mail Trojan. This is one that’s been around a long time; I’ve just never gotten this particular e-mail. The payload is a .zip file containing W32.Netsky.P@mm. According to the Symantec Security Response site, this variant has been known about since March of 2004. It’s one of those payloads that have a couple of pre-created e-mails, and that’s the part that makes this one so insidious.
The body of the e-mail reads:
The sample file you sent contains a new virus version of buppa.k.
Please update your virus scanner with the attached dat file.
++++ Attachment: No Virus found
++++ F-Secure AntiVirus – www.f-secure.com
The attachment, the actual viral payload, is named “datfiles.zip.”
Both the From and the Reply-to headers truly look to the naive as if this came from email@example.com, though of course it didn’t. For one thing, there’s not as much data as you’d expect in the headers—no IP numbers at all—and for another, Symantec doesn’t ever update its users via an e-mail attachment. The other oddity, of course, is that at the bottom of the e-mail you’ve got that “F-Secure” stamp of approval, and I’m pretty sure Symantec doesn’t use a competitor’s products on Symantec’s servers.
But I bet a lot of users would take the e-mail at face value, and click away. I note that a Google search for “Keria Reynolds” results in a number of sites pointing out the problems of taking this virus spam at face value.
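The three tells described above (no relay IPs in the headers, a competitor's scanner stamp in the body, a vendor "update" delivered as an attachment) can be checked mechanically. This Python sketch is an added example, not part of the original post; the sample message is constructed, and its display name, Received line and the vendor watch list are assumptions.

```python
import re
from email import message_from_string

# Constructed sample modelled on the message quoted in the post. The address is
# the post's placeholder; the display name and Received line are assumptions.
SAMPLE = """\
Received: from localhost by mail.example.net; Mon, 1 Jan 2007 00:00:00 +0000
From: Symantec Security Response <email@example.com>
Reply-To: email@example.com
Subject: Re: sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please update your virus scanner with the attached dat file.
++++ Attachment: No Virus found
++++ F-Secure AntiVirus - www.f-secure.com
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="datfiles.zip"

(placeholder, no payload)
--b1--
"""

VENDORS = ("symantec", "f-secure")   # assumed watch list of AV brands
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def triage(raw):
    """Return the findings from the three checks the post applies by eye."""
    msg = message_from_string(raw)
    findings = []
    # 1. Relayed mail normally records each sending hop's IP in Received.
    if not any(IP_RE.search(h) for h in msg.get_all("Received") or []):
        findings.append("no-relay-ip")
    # 2. A scanner stamp naming a vendor other than the claimed sender.
    sender = msg.get("From", "").lower()
    body = "".join(p.get_payload() for p in msg.walk()
                   if p.get_content_type() == "text/plain").lower()
    claimed = {v for v in VENDORS if v in sender}
    if claimed and {v for v in VENDORS if v in body} - claimed:
        findings.append("foreign-scanner-stamp")
    # 3. A "vendor update" that arrives as an attached file.
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    if claimed and names:
        findings.append("vendor-update-attachment:" + ",".join(names))
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

None of these findings is conclusive alone; together they justify quarantining the message before a user opens the attachment.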