Clever new voluntary-virus morphology

[prog]

You get an email that actually looks like it may have been composed by a native English speaker welcoming you to a web-based community you may not necessarily recall asking to join, and providing a raw numeric IP address (uh oh) as a confirmation link.

Clicking the link calls up a bare-naked web page (uh oh) with a single line of text apologetically informing you that you need to download (uh oh) a "secure login" thingum to actually see the website, and offers another link to an .exe file (uhhh ohhh).

I assume that carrying on with the download and running the file would (if I were on a Windows box) instantly zombify my PC and put it to use making DDoS attacks against the Turkish government or whatever they're up to now. When it comes down to it I guess I'm really just impressed that the initial email actually doesn't look entirely unreasonable, except for the giveaway raw IP link.

Comments

[keimel.livejournal.com]

Every single one I've received (not in gmail filtered accounts, but talker.com ones) have been pointing me at a different zombified web server to download the payload. I've forwarded every one to their respective abuse departments for whatever good that will do.

I was noticing this new method as well. It's a good one in study of legit emails from communities. If they culled the lists from some real communities people were on, it'd be nicer, but they do appear to be somewhat random. I am not on any dog communities, but remember one being indicated as my membership.

They also targeted an email address for which I don't generally sign up for memberships. ;)