January 31, 2011
Oh, The Tricks They'll Try
If there is an evil attachment or evil end point of a link, the tricksters will do their best to get recipients to not only open the email message, but ACT on the content of the message. The crucial nexus of their whole plot is to get you to ACT. If you don't ACT, the tricksters get nuthin'.
And so, for many years, the malware distributors of the world have been sending out spam email messages like this one:
From: Post Express Service
Subject: Post Express Service. Package is available for pickup
Your package has been returned to the Post Express office.
The reason of the return is "Error in the delivery address"
Attached to the letter mailing label contains the details of the package delivery.
You have to print mailing label, and come in the Post Express office in order to receive the packages.
Thank you for attention.
Thank you.
Post Express Service.
The attachment in the message I saw was named Post_Express_Label_77654.zip. Your randomized number may vary. It's a Trojan loader with (at this hour) an exceptionally low VirusTotal score (recognized by only 6 of 42 antivirus products).
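A mail-gateway triage check for this lure, added here as an illustration and not taken from the original post: it flags the delivery-themed call to action, the zip attachment, and any executable found inside the archive. The extension list, the sender address and the archive member name are assumptions; the sample message is constructed and carries only harmless bytes.

```python
import io
import re
import zipfile
from email.message import EmailMessage

# Extensions treated as executable content (assumed policy list, not from the post).
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".js", ".vbs")
# Wording of the lure quoted in the post: a parcel notice that asks the reader to act.
LURE = re.compile(r"package|mailing label|delivery address", re.I)

def triage(msg):
    """Return the reasons a message resembles the parcel-label lure (empty = none)."""
    reasons = []
    body = msg.get_body(preferencelist=("plain",))
    text = (msg["Subject"] or "") + "\n" + (body.get_content() if body else "")
    if LURE.search(text):
        reasons.append("delivery-themed call to action")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        reasons.append("zip attachment: " + name)
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            reasons.append("archive could not be inspected")
            continue
        for m in members:
            if m.lower().endswith(RISKY_EXT):
                reasons.append("executable inside archive: " + m)
    return reasons

def sample_message():
    """Constructed stand-in for the quoted spam; the archive holds harmless bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Post_Express_Label.exe", b"not a real program")  # assumed member name
    msg = EmailMessage()
    msg["From"] = "Post Express Service <service@example.invalid>"  # assumed address
    msg["Subject"] = "Post Express Service. Package is available for pickup"
    msg.set_content("You have to print mailing label, and come in the Post Express office.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Post_Express_Label_77654.zip")
    return msg

if __name__ == "__main__":
    print(triage(sample_message()))
```

Because the check inspects the archive listing rather than relying on a signature, it does not depend on antivirus products already recognizing the payload.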
When an unsuspecting recipient sees this message, it's damned hard for him or her to resist the curiosity about this mysterious package they never sent in the first place. That's probably the biggest challenge in educating the emailing public about the risks of opening attachments from unknown sources or clicking on alluring links.
The picture I like to convey is asking that person to imagine facing a wall that is completely blank except for an appendage-sized hole (pick your appendage). You don't know what's on the other side of the wall (it's unlit in there), but you hear some metallic grinding machine. How ready would you be to slide anything of yours into that opening? ACTING on instructions from an unknown and unexpected email message is the same as sticking your treasured appendage into that gnashing hole. If you resist, you may never learn what was on the other side of the wall, but you'll walk away intact.
Posted on January 31, 2011 at 06:43 PM