Delivery Status Failure Notice That Packed A Wallop

Published: 2010-07-03
Last Updated: 2010-07-03 22:35:44 UTC
by Deborah Hale (Version: 1)
1 comment(s)

 

This morning in my abuse@ inbox I had an email that appeared to come from one of my users.  It appeared to be the typical Delivery Status Notification Failure.  
As the mail admin and abuse coordinator for a small ISP it is not unusual for the customers to forward these notices to me with a request to determine why
they can't email.  

As I have done a few hundred times in the past I right clicked on the failure notice to look at the reason given by the NDR.  Imagine my shock when my
computer immediately began running JAVA.  I immediately killed the process and booted my computer into safe mode so that I could try to determine the
just exactly what had happened. As soon as the laptop booted up my AV and Windows Defender both reported that I had Trojan.bredo.  I ran my cleanup
and researched the characteristics of this Trojan and the files that are altered.  About 2 hours later it appears that I was able to recover from this attempt
to infect my computer. 

I just wanted to give you a heads up.  It looks the scumbags are now using NDR and Failure reports to attempt to further their malicious activity.

Deb Hale Long Lines, LLC

Keywords: Trojan spam
1 comment(s)

Comments

Sounds to me like you have HTML emails with auto-fetch enabled. Reading mail in plain-text can solve that problem.

Diary Archives