D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Rubbish emails



(I'm new to this list BTW.)

Got one myself. I'm generally curious, so save the file and use command line utils to inspect them.

It contains one file:


which is a (according to the file command):

PE32 executable for MS Windows (GUI) Intel 80386 32-bit

The basic trick is to use the long filename to hide the extension, and I suspect that it's builtin icon is a PDF file.


is a short article about it. Suffice to say that the picture there indicates a bad practice with email software: opening images in an HTML file that are from web addresses and the sender is untrusted. (Essentially, if I send you an HTML email that contains an <img href='http://myserver.com/img?ajf80202h02he08h2'> entry, access to this http address can be logged and used as confirmation that the email has been opened. It is a tried and trusted way of spamming long lists of potential email addresses and seeing which ones are likely active.

The DHL mail I received contained no images BTW.

Anyway, that's what I can make of it, and I'm not letting that Zip file near my Windoze laptop.

All the best,


On 22/11/2013 13:12, Neil Winchurst wrote:
I am used to receiving scam emails, though not many. Just today I have had two identical ones, supposedly from DHL. This tells me that they tried to deliver a parcel at 10.10 last Wednesday, but no one was in. As it happens we *were* in.

Then it goes on to say that if it is not picked up within 72 hours it will be returned to sender. It even includes a label number. Then, and here's the best bit, I am invited to read an enclosed file for details. Would you believe the said 'enclosed file', actually an attachment, is a zip file?

Now the email address used is one I rarely use at all. I have never given this email address to DHL, or to anyone else for that matter. And, if I fell for all that, would DHL send a *zip* file to give me some simple details about a parcel? LOL.

So what has this to do with Linux? Well, I assume that, if I were silly enough to click on the attachment, any nasties would fail to run because I am not using Windows. Is that a fair assumption?



The Mailing List for the Devon & Cornwall LUG
FAQ: http://www.dcglug.org.uk/listfaq