[Cialug] self-aware viruses/trojans

Matthew Nuzum newz at bearfruit.org
Mon Apr 1 16:51:19 CDT 2013


At first read I didn't see how interesting this situation was. I didn't
realize that the people were real people.

I wonder two things: are the email addresses you're sending to the real
addresses? (I bet they are.) What is the user agent sending the emails? I
wonder if someone is forwarding the emails to some other party or living in
the mail client or something else entirely.

You don't need to respond with the details, those are just the things that
struck me as possible avenues of exploration.

On Apr 1, 2013 2:35 PM, "Barry Von Ahsen" <barry at vonahsen.com> wrote:

> has anyone seen this behavior?
>
> I get a real estate spam from person A to a ginormous To: list
> person B responds to spam with a similarly spammy message to the same list
> person C sends a new spam with very similar message to about half of the
> original list
>
> I respond to A, B and C informing them that they should change their email
> passwords and seek virus removal services
>
> B responds to me with "Nop i sent it ...its new properties" [sic]
> A responds to me with "not a virus i checked its amazing" [sic]
>
>
> it seems that the spams/trojans are talking to each other.  given that the
> Zeus trojan sat in your browser and monitored your banking transactions and
> modified its activities, I don't find it unreasonable that an email trojan
> would do the same.
>
> the pseudo code is easy enough: if a message comes in in-response-to my
> message, and the body is like '%you have a virus%', then respond 'no, it's
> okay, click the link' goto subjugate_humans
>
>
> -barry
>
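
Added example, not part of either poster's message: one way to pull the details asked about above (sending client, whether replies go to the visible address, signs of forwarding) out of a saved copy of one of the replies, using Python's standard email module. The sample message, its addresses and its header values are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample reply; every address, host and header value is made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from relay.example.net (relay.example.net [192.0.2.10])
\tby mx.example.org; Mon, 1 Apr 2013 14:01:02 -0500
Received: from [198.51.100.7] by relay.example.net; Mon, 1 Apr 2013 14:01:00 -0500
From: "Person B" <personb@example.com>
Reply-To: <deals@example.net>
To: a@example.com, b@example.com, c@example.com
Subject: Re: new properties
In-Reply-To: <warning-1@example.org>
X-Mailer: ExampleBulkSender 1.0
X-Forwarded-To: other@example.net

(body omitted)
"""

# Headers commonly left behind by forwarding rules and auto-responders.
FORWARD_HINTS = ("X-Forwarded-To", "X-Forwarded-For", "Resent-From", "Auto-Submitted")

def domain(value):
    """Lower-cased domain of the first address in a header value, or ''."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Summarise the headers that bear on who or what sent a message."""
    msg = message_from_string(raw)
    sender = domain(msg["From"])
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return {
        # Which program claims to have composed the message?
        "client": msg["User-Agent"] or msg["X-Mailer"] or "(none declared)",
        # Do replies or bounces go somewhere other than the visible sender?
        # A mismatch is a lead to follow up, not proof of compromise.
        "reply_to_differs": bool(msg["Reply-To"]) and domain(msg["Reply-To"]) != sender,
        "return_path_differs": bool(msg["Return-Path"]) and domain(msg["Return-Path"]) != sender,
        "forwarding_headers": [h for h in FORWARD_HINTS if msg[h]],
        "recipient_count": len(recipients),
        "hops": len(msg.get_all("Received", [])),
        "is_reply": bool(msg["In-Reply-To"] or msg["References"]),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Client and forwarding headers are set by the sender and can be forged, so treat them as hints and weigh them against the Received chain added by your own mail server.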

