[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
Kind regards, Julian On 27/11/13 14:25, John Allsup wrote:
Hi, (I'm new to this list BTW.)Got one myself. I'm generally curious, so save the file and use command line utils to inspect them.It contains one file:DHL_id_report_645436435643548574876586556434232346465657865868565456436434535434546754545634636465987686567575465434354235323454658768756865674564364364364346.pdf.exe:which is a (according to the file command): PE32 executable for MS Windows (GUI) Intel 80386 32-bitThe basic trick is to use the long filename to hide the extension, and I suspect that it's builtin icon is a PDF file.http://nakedsecurity.sophos.com/2013/03/20/dhl-delivery-malware/is a short article about it. Suffice to say that the picture there indicates a bad practice with email software: opening images in an HTML file that are from web addresses and the sender is untrusted. (Essentially, if I send you an HTML email that contains an <img href='http://myserver.com/img?ajf80202h02he08h2'> entry, access to this http address can be logged and used as confirmation that the email has been opened. It is a tried and trusted way of spamming long lists of potential email addresses and seeing which ones are likely active.The DHL mail I received contained no images BTW.Anyway, that's what I can make of it, and I'm not letting that Zip file near my Windoze laptop.All the best, John On 22/11/2013 13:12, Neil Winchurst wrote:I am used to receiving scam emails, though not many. Just today I have had two identical ones, supposedly from DHL. This tells me that they tried to deliver a parcel at 10.10 last Wednesday, but no one was in. As it happens we *were* in.Then it goes on to say that if it is not picked up within 72 hours it will be returned to sender. It even includes a label number. Then, and here's the best bit, I am invited to read an enclosed file for details. Would you believe the said 'enclosed file', actually an attachment, is a zip file?Now the email address used is one I rarely use at all. I have never given this email address to DHL, or to anyone else for that matter. And, if I fell for all that, would DHL send a *zip* file to give me some simple details about a parcel? LOL.So what has this to do with Linux? Well, I assume that, if I were silly enough to click on the attachment, any nasties would fail to run because I am not using Windows. Is that a fair assumption?Thanks Neil
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq