Monday, March 08, 2004

Spam Report: Administration Masquerade

I got a notification in my email from BlogPatrol.com warning about hackers masquerading as 'admins'. I am glad that they notified me about this particular dodge. The attachment is, no doubt, a virus or some other malicious program.

The twist that makes it notable is that the file is zipped and has a password. That means that the content is encrypted. Email and virus scanners, therefore, cannot scan the content of these files and must skip them.

That means, dear reader, that YOU are your own worst enemy. If you are unwary, you put in the password, decrypt the virus and run the program, thinking it has already been scanned. IT HAS NOT BEEN SCANNED!

Don't be fooled.

Most, if not all, reputable services will NOT send you an attachment with executable code.

Exploits are changing quickly. Be wary of anything that seems suspicious. If you are not sure about something, ask someone you trust about it. You can also do what I do when I get something fishy in my email. Use a search engine to see if other people have encountered the same thing. More than likely, others have had your problem and can offer additional information.

For your reference, here is the text of the fake message.

   Dear user of Blogpatrol.com,

   We warn you about some attacks on your e-mail 
   account. Your computer may contain viruses, in 
   order to keep your computer and e-mail account 
   safe, please, follow the instructions.

   For more information see the attached file.  For 
   security reasons attached file is password 
   protected.  The password is \"52335\".

   Cheers,
   The Blogpatrol.com team
   http://www.blogpatrol.com

   Attachment 1 
   Type: application/octet-stream
   Filename: TextDocument.zip
   Encoding: base64 Download 

I find the most scary thing about this hoax is how friendly and personal it seems. It comes from a site I trust and seems to be directed right at me. The level of psychology that spammers are using is increasing. It could be that it is only a matter of time before I am fooled too.

No comments: