OT: be careful what you open

OT: be careful what you open

Lynn W. Taylor, WB6UUT
I'd like to thank the person who opened an E-Mail attachment that should
not have been opened.

The attachment contained a trojan horse -- malware that then harvested
E-Mail addresses from their machine.

I know it was a list member, because my E-Mail address for this list is
exclusively used for this list, and I'm now getting unwanted "spoofed"
mail telling me about packages that are undeliverable, or that I need to
appear in court.

Those E-Mails have attachments, allegedly containing the details of my
offense or how to claim the package.

The E-Mail is very generic.  If you read it critically, there is nothing
that says it is from a legitimate shipper, legitimate court -- just a
slightly scary call to action.

It's another trojan horse.

It seems to me that after 3,000 years, we would have learned to keep the
metaphorical horse outside our cities, but no, there are some who say
"look at the pretty horse!" and we all suffer.

Thank you for your future consideration.  I'll go change my E-Mail
address now.

73 -- Lynn
______________________________________________________________
Elecraft mailing list
Home: http://mailman.qth.net/mailman/listinfo/elecraft
Help: http://mailman.qth.net/mmfaq.htm
Post: mailto:[hidden email]

This list hosted by: http://www.qsl.net
Please help support this email list: http://www.qsl.net/donate.html
Message delivered to [hidden email]

Re: OT: be careful what you open

Reuben Popp
Let's not be hasty in our judgement...

To be fair, it would be trivial to write a small script to harvest any
string that looks like an email address that follows the form of
/\w\sat\s\w\.(com|net|org|tld)/ (that's a word followed by a space followed
by 'at' followed by space followed by a word followed by a period and a
tld).

Just saying... our email addresses are plastered all over, and the above
form of obfuscation is fairly easy to defeat.  And then, there's places
where it's not obfuscated in the least, such as

http://lists.contesting.com/_rtty/2015-01/msg00047.html

which contains your "exclusive" address in its entirety with no obfuscation.

Not trying to call you out here, I'm just pointing out that there's a
million ways for me to acquire an address (if I were up to nefarious
designs).



On Sun, Feb 12, 2017 at 3:01 PM, Lynn W. Taylor, WB6UUT <
[hidden email]> wrote:

> I'd like to thank the person who opened an E-Mail attachment that should
> not have been opened.
>
> The attachment contained a trojan horse -- malware that then harvested
> E-Mail addresses from their machine.
>
> I know it was a list member, because my E-Mail address for this list is
> exclusively used for this list, and I'm now getting unwanted "spoofed" mail
> telling me about packages that are undeliverable, or that I need to appear
> in court.
>
> Those E-Mails have attachments, allegedly containing the details of my
> offense or how to claim the package.
>
> The E-Mail is very generic.  If you read it critically, there is nothing
> that says it is from a legitimate shipper, legitimate court -- just a
> slightly scary call to action.
>
> It's another trojan horse.
>
> It seems to me that after 3,000 years, we would have learned to keep the
> metaphorical horse outside our cities, but no, there are some who say "look
> at the pretty horse!" and we all suffer.
>
> Thank you for your future consideration.  I'll go change my E-Mail address
> now.
>
> 73 -- Lynn

Re: OT: be careful what you open

Kevin - K4VD
Do people still have problems with SPAM? I've noticed a significant drop in
the past year or so. Using Google GMail, they catch most of the spam before
I ever see it. I do check my spam folder at times just in case but boy oh
boy SPAM seems to have become a lot less of a problem lately.

In the case of the OP, he's using a disposable address. I think Lynn is
giving us a warning to be careful and not so much complaining he received
spam. I think?

I 100% agree... careful what you open. Also be aware, your email is already
known to anyone who cares to dig. No real covert technique required. For
that matter, so's your home address.

Kev K4VD

On Sun, Feb 12, 2017 at 4:46 PM, Reuben Popp <[hidden email]> wrote:

> Let's not be hasty in our judgement...
>
> To be fair, it would be trivial to write a small script to harvest any
> string that looks like an email address that follows the form of
> /\w\sat\s\w\.(com|net|org|tld)/ (that's a word followed by a space followed
> by 'at' followed by space followed by a word followed by a period and a
> tld).
>
> Just saying... our email addresses are plastered all over, and the above
> form of obfuscation is fairly easy to defeat.  And then, there's places
> where it's not obfuscated in the least, such as
>
> http://lists.contesting.com/_rtty/2015-01/msg00047.html
>
> which contains your "exclusive" address in its entirety with no
> obfuscation.
>
> Not trying to call you out here, I'm just pointing out that there's a
> million ways for me to acquire an address (if I were up to nefarious
> designs).
>
>
>
> On Sun, Feb 12, 2017 at 3:01 PM, Lynn W. Taylor, WB6UUT <
> [hidden email]> wrote:
>
> > I'd like to thank the person who opened an E-Mail attachment that should
> > not have been opened.
> >
> > The attachment contained a trojan horse -- malware that then harvested
> > E-Mail addresses from their machine.
> >
> > I know it was a list member, because my E-Mail address for this list is
> > exclusively used for this list, and I'm now getting unwanted "spoofed" mail
> > telling me about packages that are undeliverable, or that I need to appear
> > in court.
> >
> > Those E-Mails have attachments, allegedly containing the details of my
> > offense or how to claim the package.
> >
> > The E-Mail is very generic.  If you read it critically, there is nothing
> > that says it is from a legitimate shipper, legitimate court -- just a
> > slightly scary call to action.
> >
> > It's another trojan horse.
> >
> > It seems to me that after 3,000 years, we would have learned to keep the
> > metaphorical horse outside our cities, but no, there are some who say "look
> > at the pretty horse!" and we all suffer.
> >
> > Thank you for your future consideration.  I'll go change my E-Mail address
> > now.
> >
> > 73 -- Lynn

Re: OT: be careful what you open

Lynn W. Taylor, WB6UUT
Kevin, you are correct.  It's not the "spam" per se, but the likelihood
that people on this list are receiving trojan horses, and opening them.

I know this address appears in exactly one place: here.  It was
harvested from this list in one way or another.

It's possible someone found and signed up just for the purpose of
harvesting, but that takes time, and anyone who is harvesting is going
to find the easiest way possible.

That's a trojan horse.

The E-Mail messages all look like this:

Dear Sir or Madam,

This is to inform you to appear in the Court on the February 16.
You are kindly asked to prepare and bring the documents relating to the case to Court on the specified date.

We attached the Notice to this e-mail.

With sincere thanks,
  ,
Court Secretary.

(attachment removed)

I'm not tempted to open the attachment, because it contains a script to
harvest addresses and deliver that to someone who will use it to spam.

This is just one kind of trojan horse.  Others encrypt all your files,
and offer to sell them back to you.  Some will try to steal your banking
info.

Please just read anything with an attachment carefully.  Ask yourself
"does this even look real?" before you open it (or click on a link).

73 -- Lynn

On 2/12/2017 1:58 PM, Kevin - K4VD wrote:
> In the case of the OP, he's using a disposable address. I think Lynn is
> giving us a warning to be careful and not so much complaining he received
> spam. I think?


Re: OT: be careful what you open

k6dgw
Ummm ... maybe not.  The email address of everyone who has recently
posted to this list resides in the trash folder on my computer where it
went after I read it, and where it will stay until a few thousand
accumulate and I empty the trash. This is probably also the case for
most everyone else.  My computer is pretty well protected behind several
firewalls, but if someone got in, they're all there for the taking.

A lot of so-called "hacking" is pretty low-tech.  Hillary Clinton's
campaign emails were taken because someone sent her campaign manager
[John Podesta] an email requesting him to "update his password" and
conveniently providing a link to do that, which he did, dutifully
logging in to their server with his password.

73,

Fred ["Skip"] K6DGW
Sparks NV DM09dn
Washoe County

On 2/12/2017 3:04 PM, Lynn W. Taylor, WB6UUT wrote:
> I know this address appears in exactly one place: here.  It was
> harvested from this list in one way or another.
>


Re: OT: be careful what you open

Lynn W. Taylor, WB6UUT
Mr. Podesta is a good example of what I'm talking about: he was asked to
update his password, he didn't look at the message carefully and ask
himself if it was genuine.

There is nothing magical about Trojan horses.  They rely on someone
trusting that the offer is genuine, and following the "call to action"
when they really are not what they seem.

73 -- Lynn

On 2/12/2017 4:10 PM, Fred Jensen wrote:

> Ummm ... maybe not.  The email address of everyone who has recently
> posted to this list resides in the trash folder on my computer where
> it went after I read it, and where it will stay until a few thousand
> accumulate and I empty the trash. This is probably also the case for
> most everyone else.  My computer is pretty well protected behind
> several firewalls, but if someone got in, they're all there for the
> taking.
>
> A lot of so-called "hacking" is pretty low-tech.  Hillary Clinton's
> campaign emails were taken because someone sent her campaign manager
> [John Podesta] an email requesting him to "update his password" and
> conveniently providing a link to do that, which he did, dutifully
> logging in to their server with his password.
>
> 73,
>
> Fred ["Skip"] K6DGW
> Sparks NV DM09dn
> Washoe County
>
> On 2/12/2017 3:04 PM, Lynn W. Taylor, WB6UUT wrote:
>> I know this address appears in exactly one place: here.  It was
>> harvested from this list in one way or another.
>>
>

Re: OT: be careful what you open

Elecraft mailing list
In reply to this post by k6dgw
FWIW I have had about a sudden 10dB increase in spam, beginning around Friday morning. Lots of crap about Qantas flights and “Coles” gift certificates, as well as others I don’t remember after quickly deleting them.


73   -  Jim  K8MR


> On Feb 12, 2017, at 7:23 PM, Ron D'Eau Claire <[hidden email]> wrote:
>
> Don't overlook the fact that anyone posting here has their e-mail address
> added to the archive available on the Elecraft web page (and probably
> others) where any web-bot can easily harvest it.
>
> 73, Ron AC7AC
>
> -----Original Message-----
> From: Elecraft [mailto:[hidden email]] On Behalf Of Fred
> Jensen
> Sent: Sunday, February 12, 2017 4:10 PM
> To: [hidden email]
> Subject: Re: [Elecraft] OT: be careful what you open
>
> Ummm ... maybe not.  The email address of everyone who has recently posted
> to this list resides in the trash folder on my computer where it went after
> I read it, and where it will stay until a few thousand accumulate and I
> empty the trash. This is probably also the case for most everyone else.  My
> computer is pretty well protected behind several firewalls, but if someone
> got in, they're all there for the taking.
>
> A lot of so-called "hacking" is pretty low-tech.  Hillary Clinton's campaign
> emails were taken because someone sent her campaign manager [John Podesta]
> an email requesting him to "update his password" and conveniently providing
> a link to do that, which he did, dutifully logging in to their server with
> his password.
>
> 73,
>
> Fred ["Skip"] K6DGW
> Sparks NV DM09dn
> Washoe County
>
> On 2/12/2017 3:04 PM, Lynn W. Taylor, WB6UUT wrote:
>> I know this address appears in exactly one place: here.  It was
>> harvested from this list in one way or another.
>>
>


Re: OT: be careful what you open

Richard Fjeld-2
In reply to this post by Lynn W. Taylor, WB6UUT
FWIW, I've had the 'UN-deliverable package' email, but Windows Defender
warned me.  I recognized it as a phony about the same time.  Still, I
was impressed with Defender.

I've been getting several phone calls from the Ransom-ware people, and I
tell them they should be ashamed of themselves.  They hang up immediately.

Dick, n0ce


On 2/12/2017 5:04 PM, Lynn W. Taylor, WB6UUT wrote:

> Kevin, you are correct.  It's not the "spam" per-se, but the
> likelihood that people on this list are receiving trojan horses, and
> opening them.
>
> I know this address appears in exactly one place: here.  It was
> harvested from this list in one way or another.
>
> It's possible someone found and signed up just for the purpose of
> harvesting, but that takes time, and anyone who is harvesting is going
> to find the easiest way possible.
>
> That's a trojan horse.
>

Re: OT: be careful what you open

Russ W9RB
My two cents worth (before Eric shuts this down :)

I'm getting so many emails that ALMOST have a valid address such as
** Amazon <"<?<info@amazon.com>?>"> ** (Wrapped with additional special characters)

Just for fun, I hit reply and the address is now:
** <replyemail@volatility.mortgagegreatrates.com> **

Sneaky stuff
73, Russ - W9RB
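
The mismatch described in the last message (a trusted-looking address shown in From while replies go to an unrelated domain) can be checked mechanically. The following is an added example, not part of the original thread: the function names are hypothetical, the sample headers are constructed, and `notice@mailer.example.net` and the `example.org` addresses are placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Address-like token; group 1 is its domain.
ADDR_RE = re.compile(r"[\w.+-]+@((?:[\w-]+\.)+[A-Za-z]{2,})")

def base_domain(addr_or_domain):
    # Approximation: keep the last two labels. A production check should use
    # the Public Suffix List so that names like example.co.uk compare correctly.
    domain = addr_or_domain.rpartition("@")[2].lower()
    return ".".join(domain.split(".")[-2:])

def sender_findings(raw_headers):
    """Return a list of sender-identity mismatches found in one message."""
    msg = message_from_string(raw_headers)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = base_domain(from_addr)
    findings = []
    # 1. The display name shows an address from a domain the mail did not come from.
    for match in ADDR_RE.finditer(display):
        shown = base_domain(match.group(1))
        if shown != from_dom:
            findings.append(f"display name shows {shown}, sender is {from_dom}")
    # 2. A reply would go to a different domain than the stated sender.
    if reply_addr and base_domain(reply_addr) != from_dom:
        findings.append(f"replies go to {base_domain(reply_addr)}, sender is {from_dom}")
    return findings

# Constructed sample headers, modelled on the two addresses quoted above.
# notice@mailer.example.net and the example.org addresses are placeholders.
SPOOFED = (
    'From: "Amazon <info@amazon.com>" <notice@mailer.example.net>\n'
    "Reply-To: <replyemail@volatility.mortgagegreatrates.com>\n"
    "Subject: Your order\n\n"
)
LEGIT = (
    "From: Example List <list@lists.example.org>\n"
    "Reply-To: owner@example.org\n"
    "Subject: Weekly digest\n\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, sender_findings(raw))
```

A mismatch is a signal to read the message critically rather than proof of fraud: many legitimate bulk senders also use a Reply-To on a different domain.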