Web log archive.
A Dispatch


May 12, 2010

Message From My Domain Support

When you run a nickel-and-dime domain (as I do a few times over), it's quite a joke when malware deliveries try to make it sound as though their attachments are of vital importance. Case in point:

From: [removed].com support
Subject: setting for your mailbox [removed]@[removed].com are changed

SMTP and POP3 servers for [removed]@[removed].com mailbox are changed. Please carefully read the attached instructions before updating settings.

The attachment is a file named open.zip, weighing in at 186.9 KB.

Since I'm the one who would be sending out a message like this if I had additional users, I just laugh. But I suppose unsuspecting recipients — who may not know the difference between an SMTP and a POP3 server — might be tricked into opening the file. It's a backdoor loader, of course, but with less than 30% coverage at VirusTotal.

Oh, and point of logic, if my POP3 settings have changed, how did I receive this message in the first place? Magic?

Posted on May 12, 2010 at 10:02 PM