[Cialug] self-aware viruses/trojans
Barry Von Ahsen
barry at vonahsen.com
Mon Apr 1 14:34:17 CDT 2013
has anyone seen this behavior?
I get a real estate spam from person A to a ginormous To: list
person B responds to spam with a similarly spammy message to the same list
person C sends a new spam with very similar message to about half of the original list
I respond to A, B and C informing them that they should change their email passwords and seek virus removal services
B responds to me with "Nop i sent it ...its new properties" [sic]
A responds to me with "not a virus i checked its amazing" [sic]
it seems that the spams/trojans are talking to each other. given that the Zeus trojan sat in your browser and monitored your banking transactions and modified it's activities, I don't find it unreasonable that an email trojan would do the same.
the pseudo code is easy enough: if a message comes in in-response-to my message, and the body is like '%you have a virus%', then respond 'no, it's okay, click the link' goto subjugate_humans
-barry
More information about the Cialug
mailing list