May 12, 2010
Message From My Domain Support
When you run a nickel-and-dime domain (as I do a few times over), it's quite a joke when malware deliveries try to make it sound as though their attachments are of vital importance. Case in point:
From: [removed].com support
Subject: setting for your mailbox [removed]@[removed].com are changed
SMTP and POP3 servers for [removed]@[removed].com mailbox are changed. Please carefully read the attached instructions before updating settings.
The attachment is a file named open.zip, weighing in at 186.9 KB.
Since I'm the one who would be sending out a message like this if I had additional users, I just laugh. But I suppose unsuspecting recipients — who may not know the difference between an SMTP and a POP3 server — might be tricked into opening the file. It's a backdoor loader, of course, but with less than 30% coverage at VirusTotal.
Oh, and point of logic, if my POP3 settings have changed, how did I receive this message in the first place? Magic?
Posted on May 12, 2010 at 10:02 PM