Best email virus delivery yet

I’ve seen quite a few very nice bits of social engineering in email viruses lately, including things like a faked From: support@microsoft.com, but the very best I’ve ever seen just arrived:


From: MAILER-DAEMON
Subject: Undelivered Mail Returned to Sender

There were errors processing you mail. Please, read detailed information in the attachment

with an attachment named error.hta. Very nicely done. Of course, that’s MAILER-DAEMON@yahoo.com, the grammatical errors in the body grated on my one remaining nerve, and you and I are probably in a tiny minority actually knowing what an .hta really is, and why we’re not about to look at one. Still, very cunning bit of work, and if they’ve got a good enough payload, I predict a nice run for whatever it is (after all the Klez-related hits I got during its first outbreak, even if I had bothered to search for a name for it, I wouldn’t be posting it).
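As an added example (not part of the post), here is the kind of check a mail filter could run against a message like the one above. It relies on two properties a forged bounce gives away: a genuine delivery status notification is a multipart/report message with report-type=delivery-status (RFC 3464), and a bounce never needs an executable attachment such as error.hta. The sample message is constructed to mirror the quoted lure; the extension list is an assumption.

```python
import os
import email
from email import policy

# Constructed sample mirroring the lure quoted in the post (not a real capture).
LURE = b"""From: MAILER-DAEMON@yahoo.com
To: victim@example.com
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

There were errors processing you mail. Please, read detailed information in the attachment
--b1
Content-Type: application/hta; name="error.hta"
Content-Disposition: attachment; filename="error.hta"
Content-Transfer-Encoding: base64

PGh0bWw+PC9odG1sPg==
--b1--
"""

# Extensions Windows executes when opened; an assumed starting list, not exhaustive.
EXECUTABLE_EXTS = {".hta", ".exe", ".scr", ".pif", ".vbs", ".js", ".bat", ".cmd"}


def suspicious_bounce_findings(raw: bytes) -> list:
    """Return reasons a bounce-looking message does not behave like a real DSN."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    sender = (msg.get("From") or "").lower()
    subject = (msg.get("Subject") or "").lower()
    looks_like_bounce = ("mailer-daemon" in sender or "undelivered" in subject
                         or "returned to sender" in subject)
    if not looks_like_bounce:
        return findings
    # A genuine DSN is multipart/report with report-type=delivery-status (RFC 3464).
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "delivery-status"):
        findings.append("bounce-like headers but not a multipart/report delivery-status message")
    # No real bounce carries a file the mail client will execute.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if os.path.splitext(name.lower())[1] in EXECUTABLE_EXTS:
            findings.append(f"executable attachment in bounce: {name}")
    return findings
```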

10 Comments

Comment by Kafkaesquí #
2003-05-22 21:58:41

The masses might wish to spare a worry or two over those of us who, when coming across a trojan like this, have the primary observation of: Kudos!

Comment by Bill #
2003-05-23 13:06:37

I agree. The first thing I thought was that virus spreaders/creators are finally getting clever.

Comment by Christine #
2003-05-24 08:59:13

Slowly raising my hand from the back of the room…

What’s an .hta? (I never open anything and have been virus free for years, but I figured I should ask.)

Comment by Jorge #
2003-05-24 13:36:00

“HTML Application”. Basically a web page launched from the local machine, without security restrictions. See MSDN.

Phil, you’ve got serious CSS problems. In WinXP/IE6, the page ends at the bottom of your gray right bar. Impossible to scroll beyond. You’ve also got the old div-wraps-below-other-div issue in Moz/WinXP when the browser window is resized.

Comment by Kafkaesquí #
2003-05-25 09:15:18

I believe Phil is aware of the problem, Jorge. However, being a Phoenix/Firebird aficionado, he hasn’t been seriously compelled to look into MT template repairs.

Phil: If you’d like, I can take a look and suggest a solution or two (requiring only minimal effort, naturally).

Comment by Phil Ringnalda #
2003-05-27 20:46:59

Yeah, it’s on my list – take that as you like ;)

I thought I had IE’s problem fixed with the paradoxical “use an XML declaration, get quirks mode” trick, but the problem seems to have returned when I took a bunch of tiresome hacks that I barely understood out of my CSS. Given that there is actually a solution (hit F11 twice, to cycle in and out of full-screen mode), the only fix that I will accept in my current mood is one which doesn’t involve adding a single non-semantic tag to the HTML, and doesn’t involve adding a single hack to the CSS that I won’t be able to understand in six months. I’m afraid I’m just really tired of seeing double-divs just so one can have the margins and borders, and the other can have a width, and seeing CSS that’s an incomprehensible spew of punctuation trying to work around every bug in every browser. Maybe someday I’ll go back to thinking of that as fun, but right now it just annoys me.

Comment by Jim #
2004-02-06 20:09:35

No email address – no url……I don’t like to be bothered……

The Daemon@yahoo dot com msgs I usually receive re undeliverable mail have the mydoom virus contained in them.
They’re always addressed “to” someone which I have NO idea who he or she is!

CAREFUL OUT THERE GUYS! KEEP A CURRENT/UPDATED VERSION OF A GOOD QUALITY ANTIVIRUS PGM ACTIVE ON YOUR COMPUTER!!!

Comment by maria #
2004-02-12 12:48:14

you are right my messages were all return with the demon name on them what should I do????

Trackback by John's Jottings #
2003-05-25 05:48:31

Jabberings #4

Catching up on a few links: Can’t remember where I originally found a reference to this, but Web Search for a Planet: The Google Cluster Architecture is the best writeup I’ve seen to date of the Google architecture, no surprise since its authors are th…

2003-05-27 09:53:35

a growing excited show

see o’malley as you’ve seen seen him before: e-x-t-e-n-d-e-d. more things we’ve recently missed: the eu wants to track all…
