
SANS ISC InfoSec Handlers Diary Blog



Happy Independence Day

Published: 2010-07-03
Last Updated: 2010-07-03 22:40:17 UTC
by Deborah Hale (Version: 1)
0 comment(s)

To all of our US readers, Happy Independence Day. I hope that you will have a safe and relaxing holiday. To our non-US readers, I wish you a good day. May you also have a safe and relaxing weekend.

Deb Hale Long Lines, LLC


Delivery Status Failure Notice That Packed A Wallop

Published: 2010-07-03
Last Updated: 2010-07-03 22:35:44 UTC
by Deborah Hale (Version: 1)
1 comment(s)

This morning in my abuse@ inbox I had an email that appeared to come from one of my users. It appeared to be the typical Delivery Status Notification (Failure). As the mail admin and abuse coordinator for a small ISP, it is not unusual for customers to forward these notices to me with a request to determine why they can't email.

As I have done a few hundred times in the past, I right-clicked on the failure notice to look at the reason given by the NDR. Imagine my shock when my computer immediately began running Java. I immediately killed the process and booted my computer into safe mode so that I could try to determine just exactly what had happened. As soon as the laptop booted up, my AV and Windows Defender both reported that I had Trojan.bredo. I ran my cleanup and researched the characteristics of this Trojan and the files that are altered. About 2 hours later it appears that I was able to recover from this attempt to infect my computer.

I just wanted to give you a heads up. It looks like the scumbags are now using NDRs and failure reports to attempt to further their malicious activity.

Deb Hale Long Lines, LLC

Keywords: Trojan spam
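The check a mail admin would want after reading the diary above is a way to tell a genuine bounce from a fake one before anyone opens it. A real non-delivery report (RFC 3464) is a multipart/report message with report-type=delivery-status and a message/delivery-status part; it has no reason to carry an executable. The diary says only that Java started running when the notice was opened, so the example below assumes the fake bounce delivered an executable attachment such as a .jar. The script, sample messages, sender patterns and extension list are all constructed for this example and are not from the ISC diary or its author.

```python
import email
import os
from email import policy

# Attachment extensions a bounce should never deliver. This list is an
# assumption made for the example, not taken from the diary.
EXECUTABLE_EXTENSIONS = {".jar", ".exe", ".scr", ".com", ".pif",
                         ".bat", ".cmd", ".js", ".vbs", ".zip"}
EXECUTABLE_MIME = {"application/java-archive", "application/x-msdownload"}

# Constructed sample: a genuine RFC 3464 DSN (no attachment, proper report type).
GENUINE_DSN = """\
From: Mail Delivery System <MAILER-DAEMON@mail.example.net>
To: user@example.net
Subject: Delivery Status Notification (Failure)
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

The following address failed: nobody@example.org
--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.example.net

Final-Recipient: rfc822; nobody@example.org
Action: failed
Status: 5.1.1
--b1--
"""

# Constructed sample: a fake bounce that is really a plain multipart/mixed
# message carrying a .jar "report" (the attachment bytes are a dummy ZIP header).
FAKE_BOUNCE = """\
From: Mail Delivery Subsystem <postmaster@example.net>
To: user@example.net
Subject: Delivery Status Notification (Failure)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain

Your message could not be delivered. See the attached report.
--b2
Content-Type: application/octet-stream; name="report.jar"
Content-Disposition: attachment; filename="report.jar"
Content-Transfer-Encoding: base64

UEsDBAo=
--b2--
"""


def looks_like_bounce(msg):
    """Cheap trigger: does the message present itself as a bounce?"""
    subject = (msg.get("Subject") or "").lower()
    sender = (msg.get("From") or "").lower()
    return ("delivery status" in subject or "undeliver" in subject
            or "mailer-daemon" in sender or "postmaster@" in sender)


def is_genuine_dsn(msg):
    """RFC 3464 shape: multipart/report, report-type=delivery-status,
    and an actual message/delivery-status part inside."""
    if msg.get_content_type() != "multipart/report":
        return False
    if (msg.get_param("report-type") or "").lower() != "delivery-status":
        return False
    return any(p.get_content_type() == "message/delivery-status"
               for p in msg.walk())


def executable_attachments(msg):
    """Return the filenames of attachments that look executable."""
    found = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if not name:
            continue
        ext = os.path.splitext(name.lower())[1]
        if ext in EXECUTABLE_EXTENSIONS or part.get_content_type() in EXECUTABLE_MIME:
            found.append(name)
    return found


def classify(raw_message):
    """Classify one raw RFC 822 message as text."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    if not looks_like_bounce(msg):
        return "not-a-bounce"
    if executable_attachments(msg):
        return "suspicious"          # bounce with executable payload: quarantine
    if is_genuine_dsn(msg):
        return "genuine-dsn"
    return "nonstandard-bounce"      # no DSN structure, but nothing executable either


if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE_DSN), ("fake", FAKE_BOUNCE)):
        print(label, classify(raw), executable_attachments(
            email.message_from_string(raw, policy=policy.default)))
```

The two questions are deliberately separate: a bounce that lacks the multipart/report structure is merely non-standard (many MTAs send plain-text bounces), while any bounce carrying an executable attachment is worth quarantining regardless of how convincing its headers look, which is exactly the case the diary describes.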