**From:** support@conman.org > **To:** sean@conman.org > **Subject:** Notify about your e-mail account utilization. > **Date:** Wed, 03 Mar 2004 13:39:43 -0500 >
Dear user of e-mail server “Conman.org”,
Our antivirus software has detected a large ammount of viruses outgoing from your email account, you may use our free anti-virus tool to clean up your computer software.
For further details see the attach.
For security reasons attached file is password protected. The password is “36847”.
Kind regards, > The Conman.org team http://www.conman.org
Yea, like any virus has escaped from this email account. Quite possibly forged email, but none directly from me. Never mind the fact that the email client I use doesn't support attachments, I don't use Windows to check my email—I use Unix (okay, technically Linux). And running Windows executables just isn't possible (well, it is possible but it isn't easy to do, thankfully).
But what gets me is that this is supposedly from **support**@conman.org, which doesn't exist here at Conman Laboratories [1]. And even if it did, it would either be myself or Mark [2] doing the support role. I don't send attachments, and if Mark did, I suspect it wouldn't be in zip format (we're both more tar.gz users than zip users). And Mark would never send a password in email.
Oh, and we don't run anti-viral software on the server—it's just not an issue here.
Sigh.
This is an identical message that we were getting at work. It is spam/trojan virus. It uses your domain name. Very clever too. Variations of it use different wording and spacing, making filtering difficult. Also, the .zip file contains a trojan .exe and is uaually “Readme.zip” or “TextFile.zip” and is password protected. Why? No virus scanner can take a peek inside and quarrantine it.
I give these bozos points for this one. Looks like they have been saving up many ideas for one blow.
Too bad they pissed me off—it hit us at about 11:20am. I had a 12:00 lunch appointment. I ended up being 15 minutes late to this lunch appointment after tracing the source to somewhere in Houston, TX (Texas) and setting up sufficient blocks to keep it out. It's a good thing they assigned the email filter system to the UNIX group (of which I am currently the ONLY member of) (simply because it runs on a Linux black box—completely contained, but Linux backend)—that way I was the “Jr. Admin” who blocked the trouble in less than an hour. PFffft!
“Kelly Fallon [3]”
I was wondering about the password protection but this does make sense. Too much.
Blah.
[3] http://www.livejournal.com/users/bostondiaries/13375.html?thread=2367#t2367