Friday, July 21, 2006

New?

Just found this one in my inbox. Seems that someone has come up with an interesting way to get me to open an attachment. The text of the message reads (my email address has been edited):

From: Automatic Email Delivery Software
To: joat@757.org
Subject: [SPAM] ERROR
Date: Fri, 30 Jun 2006 23:28:24 +0300 (16:28 EDT)

Your message was undeliverable due to the following reason(s):

Your message could not be delivered because the destination server was unreachable within the allowed queue period. The amount of time a message is queued before it is returned depends on local configuration parameters.

Most likely there is a network problem that prevented delivery, but it is also possible that the computer is turned off, or does not have a mail system running right now.

Your message was not delivered within 7 days:
Mail server 117.57.210.242 is not responding.

The following recipients did not receive this message:

Please reply to postmaster@cox.net
if you feel this message to be in error.

Looks normal, right? The "trick" lies in the attachment. It has a "scr" file extension.

This prompted me to look at the header. Sure enough, my ISP received the message from 62.103.212.133. Even though the IP claimed to be cox.net (told the SMTP server "helo cox.net"), a reverse lookup on the IP returns "primalch.static.otenet.gr". A whois lookup confirms this.

So add the following to things not to do: "Don't open attachments from error messages." I'll look at the attachment this weekend.
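
The two checks from this post (the claimed HELO name against the reverse DNS name recorded by the receiving server, and an executable attachment extension), as an added Python example that is not code from the original post. The Received line is a constructed sample in Postfix/Sendmail layout using the values quoted above; `mx.example.net` and `details.scr` are placeholders.

```python
import email
import os
import re
from email import policy

# Extensions Windows runs directly; ".scr" is the one from the post.
RISKY_EXT = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd"}
# Postfix/Sendmail style hop: from <HELO name> (<reverse DNS> [<IP>])
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[0-9.]+)\]\)")

# Constructed sample. HELO name, reverse DNS and IP are the values from the
# post; "mx.example.net" and "details.scr" are placeholders.
SAMPLE = """\
Received: from cox.net (primalch.static.otenet.gr [62.103.212.133]) by mx.example.net
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your message was undeliverable due to the following reason(s):
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="details.scr"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

def helo_mismatch(received):
    """Return (helo, rdns, ip) if the HELO name is not covered by the rDNS name."""
    m = HOP_RE.search(received)
    if not m:
        return None
    helo, rdns, ip = m["helo"].lower(), (m["rdns"] or "unknown").lower(), m["ip"]
    # Heuristic only: legitimate relays can also HELO with an unrelated name.
    if rdns == helo or rdns.endswith("." + helo):
        return None
    return helo, rdns, ip

def triage(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    hops = msg.get_all("Received", [])
    # The topmost Received header was written by our own server; trust only it.
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    risky = [n for n in names if os.path.splitext(n.lower())[1] in RISKY_EXT]
    return {"helo_mismatch": helo_mismatch(str(hops[0])) if hops else None,
            "risky_attachments": risky}
```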