Delivery Status Failure Notice That Packed A Wallop


This morning in my abuse@ inbox I had an email that appeared to come from one of my users.  It appeared to be the typical Delivery Status Notification Failure.  
As the mail admin and abuse coordinator for a small ISP it is not unusual for the customers to forward these notices to me with a request to determine why
they can't email.  

As I have done a few hundred times in the past I right-clicked on the failure notice to look at the reason given by the NDR.  Imagine my shock when my
computer immediately began running JAVA.  I immediately killed the process and booted my computer into safe mode so that I could try to determine
just exactly what had happened. As soon as the laptop booted up my AV and Windows Defender both reported that I had Trojan.bredo.  I ran my cleanup
and researched the characteristics of this Trojan and the files that are altered.  About 2 hours later it appears that I was able to recover from this attempt
to infect my computer. 

I just wanted to give you a heads up.  It looks like the scumbags are now using NDR and Failure reports to attempt to further their malicious activity.

Deb Hale Long Lines, LLC


279 Posts
ISC Handler
Jul 3rd 2010
Sounds to me like you have HTML emails with auto-fetch enabled. Reading mail in plain-text can solve that problem.
