And not the good kind.
I received an email this morning that set of a bunch of alarm bells for me, and thought I better mention it here in case others have gotten it as well. It comes from “Andy” and is about a Drill Bit/Fastener Chart.
If those keywords are not familiar then you probably didn’t get the email (good). It may be legitimate, but it has all the markings of a spam email, and links to an unfamiliar web location to download the chart, which is dangerous territory. You might even get a chart from clicking on the link, but what else is included in the payload?
One practice that is common at the moment is to get people to click on a link that gets a download of something (a FedEx delivery document, porn etc), and included is a bot that gets installed on the computer. At some stage in the future, a code is sent out through the bot network (or it is simply activated on a certain date), and all the infected computers act out their instruction (attack Microsoft, or whatever). Part of the bot’s job can easily be to send copies of itself to all the contacts in your email list. Talk about 7 degrees of separation – how many people’s email address are in your various email folders, and your contacts list? Would they all know that an email from you wasn’t actually sent by you?
The concept is a Trojan, delivering a package with something else hidden inside. In the original case, did Troy REALLY need a large wooden horse that arrived unsolicited on their doorstep? Inside was something a little more incidious, that activated at a later date (that night), and threw open their security, costing them their city.
So perhaps this drill bit chart is legitimate, perhaps it is not. The links look suspicious, and I have no need for a drill bit chart, especially one that arrived unsolicited. So why expose myself, and my computer to the possible risk?
As I said recently on my IT blog (IT Savvy) – in this day and age, where it comes to computer terrorism – there is no “Be alert but not alarmed” (a catch-phrase of the Australian government during the recent terrorism activites in the world). There is simply “Be alarmed”.
