[Cialug] self-aware viruses/trojans

Tim Wilson tim_linux at wilson-home.com
Mon Apr 1 21:09:08 CDT 2013


Could it be that all 3 had their accounts hacked, and the hacker was
responding?

On Mon, Apr 1, 2013 at 5:06 PM, Barry Von Ahsen <barry at vonahsen.com> wrote:

> Yeah, I looked for interesting headers, but didn't see anything
>
> -barry
>
> -------- Original message --------
> From: Matthew Nuzum <newz at bearfruit.org>
> Date:
> To: Central Iowa Linux Users Group <cialug at cialug.org>
> Subject: Re: [Cialug] self-aware viruses/trojans
>
> At first read I didn't see how interesting this situation was. I didn't
> realize that the people were real people.
>
> I wonder two things: are the email addresses you're sending to the real
> addresses? (I bet they are) what is the user agent sending the emails? I
> wonder if someone is forwarding the emails to some other party or living in
> the mail client or something else entirely.
>
> You don't need to respond with the details, those are just the things that
> struck me as possible avenues of exploration.
> On Apr 1, 2013 2:35 PM, "Barry Von Ahsen" <barry at vonahsen.com> wrote:
>
> > has anyone seen this behavior?
> >
> > I get a real estate spam from person A to a ginormous To: list
> > person B responds to spam with a similarly spammy message to the same list
> > person C sends a new spam with very similar message to about half of the
> > original list
> >
> > I respond to A, B and C informing them that they should change their email
> > passwords and seek virus removal services
> >
> > B responds to me with "Nop i sent it ...its new properties" [sic]
> > A responds to me with "not a virus i checked its amazing" [sic]
> >
> >
> > it seems that the spams/trojans are talking to each other.  given that the
> > Zeus trojan sat in your browser and monitored your banking transactions and
> > modified its activities, I don't find it unreasonable that an email trojan
> > would do the same.
> >
> > the pseudo code is easy enough: if a message comes in in-response-to my
> > message, and the body is like '%you have a virus%', then respond 'no, it's
> > okay, click the link' goto subjugate_humans
> >
> >
> > -barry
> >
> >
> >
> > _______________________________________________
> > Cialug mailing list
> > Cialug at cialug.org
> > http://cialug.org/mailman/listinfo/cialug
> >
>



-- 
Tim
Required reading: http://bccplease.com/

