Call on Ken

Example: Please run my Virus!

A lot of emails go around trying to get you to open their attachments, and many are simple and obvious, like "here's the document you asked for" or "check out these pictures".

These types are easy to spot and ignore, and not many people are taken in, but sometimes they look as though they might be genuine, as in the following couple of examples...

From: "Returned mail" <postmaster@trenthamxpertise.com>
To: <kenmoore@trenthamxpertise.com>
Sent: Thursday, July 29, 2004 12:01 PM
Subject: Returned mail: see transcript for details

Dear user,

Your account has been used to send a huge amount of spam messages during the recent week.

Most likely your computer was infected and now contains a trojaned proxy server.

Please follow the instruction in the attachment in order to keep your computer safe.

Have a nice day,
The trenthamxpertise.com team.

 

----- The following addresses had permanent fatal errors -----
<kenmoore@trenthamxpertise.com>

----- Transcript of session follows -----
... while talking to host 89.248.40.226:
>>> RCPT To: <kenmoore@trenthamxpertise.com>
<<< 550 MAILBOX NOT FOUND

Clues

In both cases there was an attached file which was supposed to provide further information about the problem. In each case the file appeared to have a fairly innocuous and safe file name like "document.htm", but looking at it more closely it was actually "document.htm          .pif".

ANY file with a strange name like that, i.e. with a lot of spaces in it, is almost certain to be carrying a virus!
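
The check described above, as an added example that is not part of the original page: Python that pulls attachment names out of a raw message and flags names containing runs of spaces or a harmless-looking extension in front of an executable one. The sample message, the `example.com` address, the extension list and the function names are constructed for illustration.

```python
import re
from email import message_from_string

# Extensions Windows runs when double-clicked (constructed, non-exhaustive list).
EXECUTABLE_EXTS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd", ".vbs"}
PADDING = re.compile(r"\s{2,}")  # two or more whitespace characters in a row

# Constructed sample message, not a captured one.
SAMPLE = """\
Subject: Returned mail: see transcript for details
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="document.htm          .pif"

placeholder
--b1
Content-Type: text/plain
Content-Disposition: attachment; filename="notes.txt"

placeholder
--b1--
"""

def check_filename(name):
    """Return the reasons an attachment name looks deceptive (empty if none)."""
    reasons = []
    stem, dot, last = name.rpartition(".")
    real_ext = (dot + last).strip().lower() if dot else ""
    if PADDING.search(name):
        reasons.append("whitespace padding")
    # A harmless-looking extension sitting in front of the real, executable one.
    if real_ext in EXECUTABLE_EXTS and "." in stem.strip():
        reasons.append("double extension ending in " + real_ext)
    return reasons

def suspicious_attachments(raw_message):
    """Map each flagged attachment filename in a raw e-mail to its reasons."""
    flagged = {}
    for part in message_from_string(raw_message).walk():
        name = part.get_filename()
        if name and check_filename(name):
            flagged[name] = check_filename(name)
    return flagged
```

Calling `suspicious_attachments(SAMPLE)` flags only the padded `.pif` name; `notes.txt` passes because its last extension is the one the user sees.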
