Hi, we've mentioned it before, but a reminder that this list's emails are being targeted in the distribution of malware.

I've just received an email which looked like a reply to a DCGLUG email but was sent direct to my email address rather than to the group's email address, and lacking the List-ID header (so not filtered correctly for me). Since the archive doesn't have full email addresses, it is likely a member's PC is, or was previously, compromised. That is pretty much inevitable on a big public list.

It has a link to an encrypted ZIP file on Microsoft OneDrive; on careful decryption it contained a Microsoft Excel 2007 file with a malware downloader in a macro. Possibly an Emotet downloader, so likely after any financial credentials or cryptocurrency they can get their hands on. Sent from a "greenmillenia.com" email address, likely compromised.

An encrypted attachment or download, with a trivial/weak password in the email, doesn't provide any meaningful security but does make an excellent method of bypassing corporate anti-malware defences in email servers. If you see this type of behaviour in your organisation it is time to teach them how to transfer files securely.

In context this email was pretty obviously of malicious intent. Last time a number of members received similar emails. This particular malware is very unlikely to infect GNU/Linux boxes, even if people did open the attachment, but some of you still use Windows for email.

Also, if any of you see malware from "greenmillenia.com" to non-list addresses at your organisation, this might nail down whose PC got compromised, but I suspect it may have happened long ago.

Simon

-- 
The Mailing List for the Devon & Cornwall LUG
https://mailman.dcglug.org.uk/listinfo/list
FAQ: https://www.dcglug.org.uk/faq/
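Two points in the post above lend themselves to a worked check: a "reply" that never carried the list's List-ID header did not come through the list server, and a password-protected ZIP whose password is written in the same email hides nothing from a gateway that reads the body. The example below is added here and is not code from the post, from Simon, or from the DCGLUG list. It builds a ZipCrypto ("traditional PKWARE") encrypted archive in memory, because the Python standard library can decrypt that scheme but not produce it, then runs a minimal gateway-style scan: flag the missing List-ID, harvest candidate passwords from the body, open the archive with them and report macro-capable Office files inside. The email, file names, the `[DCGLUG]` subject tag and the stand-in workbook bytes are all constructed for the example; the archive is treated as already fetched from the link in the mail.

```python
import io, os, re, struct, zipfile, zlib
from email import message_from_bytes
from email.policy import default

# ZipCrypto ("traditional PKWARE") keystream, APPNOTE.TXT 6.1; the stdlib can
# decrypt it but not encrypt, so the encrypter is written out here.
_CRCTAB = []
for _i in range(256):
    _c = _i
    for _ in range(8):
        _c = (_c >> 1) ^ 0xEDB88320 if _c & 1 else _c >> 1
    _CRCTAB.append(_c)

def _crc_byte(crc, b):
    return _CRCTAB[(crc ^ b) & 0xFF] ^ (crc >> 8)

class _ZipCryptoEncrypter:
    def __init__(self, pwd: bytes):
        self.k = [0x12345678, 0x23456789, 0x34567890]   # fixed initial keys
        for b in pwd:
            self._update(b)

    def _update(self, b):
        k = self.k
        k[0] = _crc_byte(k[0], b)
        k[1] = (k[1] + (k[0] & 0xFF)) & 0xFFFFFFFF
        k[1] = (k[1] * 134775813 + 1) & 0xFFFFFFFF
        k[2] = _crc_byte(k[2], k[1] >> 24)

    def encrypt(self, data: bytes) -> bytes:
        out = bytearray()
        for b in data:
            t = (self.k[2] | 2) & 0xFFFF
            out.append(b ^ (((t * (t ^ 1)) >> 8) & 0xFF))
            self._update(b)          # keys advance on the plaintext byte
        return bytes(out)

def build_encrypted_zip(name: str, data: bytes, pwd: bytes) -> bytes:
    """One stored entry: local header, encrypted data, central directory, EOCD."""
    crc = zlib.crc32(data) & 0xFFFFFFFF
    # 12-byte prefix: 11 random bytes then CRC>>24, which lets a reader reject a
    # wrong password after one byte (one reason ZipCrypto is so weak).
    enc = _ZipCryptoEncrypter(pwd).encrypt(os.urandom(11) + bytes([crc >> 24]) + data)
    fname = name.encode()
    flags, method, dtime, ddate = 0x0001, 0, 0, 0x21   # encrypted, stored, 1980-01-01
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flags, method, dtime, ddate,
                        crc, len(enc), len(data), len(fname), 0) + fname
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flags, method, dtime,
                          ddate, crc, len(enc), len(data), len(fname), 0, 0, 0, 0, 0, 0) + fname
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1, len(central), len(local) + len(enc), 0)
    return local + enc + central + eocd

# Gateway-side checks. LIST_TAG is a hypothetical subject tag, not taken from the page.
LIST_TAG = "[DCGLUG]"
MACRO_EXT = (".xls", ".xlsm", ".doc", ".docm", ".pptm")
PASSWORD_RE = re.compile(r"(?i)password\s*(?:is|:)\s*(\S+)")

def missing_list_id(msg) -> bool:
    """Claims to be a list reply (tag or In-Reply-To) but never passed the list server."""
    claims_list = LIST_TAG in (msg["Subject"] or "") or msg["In-Reply-To"] is not None
    return bool(claims_list and msg["List-ID"] is None)

def inspect_archive(blob: bytes, candidates) -> dict:
    """Try no password, then each harvested one; report what the archive hides."""
    zf = zipfile.ZipFile(io.BytesIO(blob))
    out = {"encrypted": any(i.flag_bits & 0x1 for i in zf.infolist()),
           "opened": False, "password": None, "suspicious": []}
    for pwd in [None, *candidates]:
        try:
            for info in zf.infolist():
                zf.read(info, pwd=pwd.encode() if pwd else None)
        except RuntimeError:            # "password required" or "Bad password"
            continue
        out.update(opened=True, password=pwd,
                   suspicious=[i.filename for i in zf.infolist()
                               if i.filename.lower().endswith(MACRO_EXT)])
        break
    return out

def scan(raw_email: bytes, fetched_zip: bytes) -> dict:
    """fetched_zip is the archive already downloaded from the link in the mail."""
    msg = message_from_bytes(raw_email, policy=default)
    body = msg.get_body(preferencelist=("plain",)).get_content()
    return {"missing_list_id": missing_list_id(msg),
            "archive": inspect_archive(fetched_zip, PASSWORD_RE.findall(body))}

# Constructed sample: a fake "reply" sent direct to one member, password in the body.
SAMPLE_EMAIL = b"""\
From: someone@example.invalid
To: member@example.invalid
Subject: Re: [DCGLUG] next meeting
In-Reply-To: <thread@example.invalid>

Notes attached, the password is 123 - let me know what you think.
"""
SAMPLE_XLSM = b"PK\x03\x04 stand-in for a macro-enabled workbook"
SAMPLE_ZIP = build_encrypted_zip("notes.xlsm", SAMPLE_XLSM, b"123")
```

Running `scan(SAMPLE_EMAIL, SAMPLE_ZIP)` reports the missing List-ID, that the archive is encrypted, that the body-supplied password `123` opens it, and that it contains `notes.xlsm`. The same `zipfile` call a scanner makes without a password raises `RuntimeError`, which is exactly the gap the post describes: a filter that stops there passes the file through. A gateway that harvests passwords from the body (or simply quarantines encrypted archives it cannot open) closes that gap, and the check byte in the ZipCrypto header is a reminder that the scheme offers no real protection either way.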
Hi, we've mentioned it before but a reminder that this list emails are being targeted in the distribution of malware. I've just received an email which looked like a reply to a DCGLUG email but direct to my email address rather than to the group's email address, and lacking the List-ID header (so not filtered correctly for me). Since the archive doesn't have full email addresses, it is likely a member's PC is, or was previously, compromised. That is pretty much inevitable on a big public list. It has a link to an encrypted ZIP file on Microsoft One Drive, on careful decryption it contained a Microsoft Excel 2007 file with a malware downloader in a macro. Possibly an Emotet downloader, so likely after any financial credentials or crypto currency they can get their hands on. Sent from a "greenmillenia.com" email address, likely compromised. An encrypted attachment or download, with a trivial/weak password in the email doesn't provide any meaningful security but does make an excellent method of bypassing corporate anti-malware defences in email servers. If you see this type of behaviour in your organisation it is time to teach them how to transfer files securely. In context this email was pretty obviously of malicious intent. Last time a number of members received similar emails. This particular malware very unlikely to infect GNU/Linux boxes, even if people did open the attachment, but some of you still use Windows for email. Also if any of you see malware from "greenmillenia.com" to non-list addresses at your organisation⎄, this might nail down whose PC got compromised, but I suspect it may have happened long ago. Simon -- The Mailing List for the Devon & Cornwall LUG https://mailman.dcglug.org.uk/listinfo/list FAQ: https://www.dcglug.org.uk/faq/