[NLRS] Account Suspension

Chris Elmquist chrise at pobox.com
Tue Mar 7 10:48:43 EST 2017 

The predominant method is that an individual's PC gets compromised after
they have invoked malware by visiting a corrupt website or clicking on a
link in a malware email they received.

This malware harvests their address book and sends it to a mothership
where all of the email addresses that were in that victim's address book
are now considered good targets.

The mothership (or its surrogate bots) then forge the From: line of an
email and send it to every address that was in the victim's address
book-- whether they are mailing lists or not.  It has no way to know
mailing lists from non-mailing lists and just considers every address
a potential new victim.

Variants of these malware will also use addresses from the victim's address
book as forged From: addresses, making it look like one of the original
victim's friends or correspondents sent the new malware email.

So...  the origin of this particular attack is likely someone on this
list (and also on the other lists you are seeing attacked) who's PC got
infected because they clicked something they shouldn't have.

Chris N0JCF 

On Tuesday (03/07/2017 at 09:17AM -0600), Zack Widup wrote:
> 
> 
> I didn't. But I have just been deluged with these, coming from practically
> every group I'm a member of. I got one through the MAMS group that
> supposedly came from MY e-mail address. I don't know if it was or not, but
> I changed my personal e-mail account password just in case. I wish I knew
> how they were doing it. Are they hacking into THAT many people's accounts?
> 
> 73, Zack W9SZ
> 
> On Tue, Mar 7, 2017 at 9:00 AM, S. Earl Jarosh <earl at jarosh.org> wrote:
> 
> >
> >
> > Don't ever click on any link that has a .php in it.  Also no company with a
> > login process will ever send you a link without you initaitng it.
> >
> > -----Original Message-----
> > From: NLRS [mailto:nlrs-bounces at mailman.qth.net] On Behalf Of Rolf
> > Krogstad
> > Sent: Tuesday, March 07, 2017 8:33 AM
> > Cc: nlrs
> > Subject: Re: [NLRS] Account Suspension
> >
> >
> >
> > Don't anyone click on the link in this email.
> > It will most likely give you a virus.
> >
> > Rolf   NR0T

-- 
Chris Elmquist

More information about the NLRS mailing list