[Cialug] self-aware viruses/trojans

Barry Von Ahsen barry at vonahsen.com
Mon Apr 1 17:06:45 CDT 2013 

Yeah, I looked for interesting headers, but didn't see anything

-barry

-------- Original message --------
From: Matthew Nuzum <newz at bearfruit.org> 
Date:  
To: Central Iowa Linux Users Group <cialug at cialug.org> 
Subject: Re: [Cialug] self-aware viruses/trojans 
 
At first read I didn't see how interesting this situation was. I didn't
realize that the people were real people.

I wonder two things: are the email addresses you're sending to the real
addresses? (I bet they are ) what is the user agent sending the emails? I
wonder if someone is forwarding the emails to some other party or living in
the mail client or something else entirely.

You don't need to respond with the details, those are just the things that
struck me as possible avenues of exploration.
On Apr 1, 2013 2:35 PM, "Barry Von Ahsen" <barry at vonahsen.com> wrote:

> has anyone seen this behavior?
>
> I get a real estate spam from person A to a ginormous To: list
> person B responds to spam with a similarly spammy message to the same list
> person C sends a new spam with very similar message to about half of the
> original list
>
> I respond to A, B and C informing them that they should change their email
> passwords and seek virus removal services
>
> B responds to me with "Nop i sent it ...its new properties" [sic]
> A responds to me with "not a virus i checked its amazing" [sic]
>
>
> it seems that the spams/trojans are talking to each other.  given that the
> Zeus trojan sat in your browser and monitored your banking transactions and
> modified it's activities, I don't find it unreasonable that an email trojan
> would do the same.
>
> the pseudo code is easy enough: if a message comes in in-response-to my
> message, and the body is like '%you have a virus%', then respond 'no, it's
> okay, click the link' goto subjugate_humans
>
>
> -barry
>
>
>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>
_______________________________________________
Cialug mailing list
Cialug at cialug.org
http://cialug.org/mailman/listinfo/cialug

More information about the Cialug mailing list