undeliverable email messages


JIP

Hi

My wife has been getting a lot of these of late. Some of them appear to be
genuine in that the body of the message contains an email that she sent out
(to old addresses, typing errors etc). However, some of them SAY something
was undeliverable, but require her to open an attachment to see the details.
She had the good sense not to do that, yet! So could anyone please advise,
do messages of this type usually have attachments, or is that the giveaway
that there's a "nasty" payload?

Many thanks
 
JIP said:
Hi

My wife has been getting a lot of these of late. Some of them appear to be
genuine in that the body of the message contains an email that she sent
out (to old addresses, typing errors etc). However, some of them SAY
something was undeliverable, but require her to open an attachment to see
the details. She had the good sense not to do that, yet! So could anyone
please advise, do messages of this type usually have attachments, or is
that the giveaway that there's a "nasty" payload?

Many thanks
I've read that this is one of the methods used to spread malware.
Dave Cohen
 
Hi

My wife has been getting a lot of these of late. Some of them appear to be
genuine in that the body of the message contains an email that she sent out
(to old addresses, typing errors etc). However, some of them SAY something
was undeliverable, but require her to open an attachment to see the details.
She had the good sense not to do that, yet! So could anyone please advise,
do messages of this type usually have attachments, or is that the giveaway
that there's a "nasty" payload?

Many thanks
*************** REPLY SEPARATOR ***************
You hit the nail on the head, and yes, it is likely a virus (most likely a back
door trojan). The culprit will send an email to an address (usually unknown) on
a server that he knows will bounce the mail intact (complete with attachment)
using your address as the return address. It's a very sneaky way of making the
email look semi-legitimate. Mail bounces have become a major problem on the
Internet because many ISPs accept all mail to try and avoid dictionary
attacks, and then attempt to bounce them later. This not only facilitates the
type of mail that you have been receiving, but also creates a horrific volume
of useless connections. And the spammer cannot necessarily be blamed: it's the
software that allows him/her to take advantage of it.

J.A Coutts
 
[snip]
And the spammer cannot necessarily be blamed: it's the
software that allows him/her to take advantage of it.

um... like "the guy who pulled the trigger isn't the killer... Smith and Wesson is"?
 
JIP said:
Hi

My wife has been getting a lot of these of late. Some of them appear to be
genuine in that the body of the message contains an email that she sent out
(to old addresses, typing errors etc). However, some of them SAY something
was undeliverable, but require her to open an attachment to see the details.

Both scenarios are common for legitimate bounces. Some malware uses this
fact as a way to trick users into executing them.
She had the good sense not to do that, yet! So could anyone please advise,
do messages of this type usually have attachments, or is that the giveaway
that there's a "nasty" payload?

There is no danger in saving the attachments and opening them with a safe
application. IOW (and as a general rule) it is better to open the application
(maybe notepad?) and have it open the file than it is to rely on associations
with extensions which "should" invoke the application those extensions are
associated with. You could save the attachments and rename the extension
to .txt and double click - but it is safer to open notepad and browse to the
saved files and open them. IIRC I have seen .DAT and .ATT as filename
extensions and have heard that danger could exist for .DAT as some files
with that extension are executables.

I'm guessing that in your case they are legitimate bounces, but commend
your wife for not trusting them anyway.

HD
 
Hi

My wife has been getting a lot of these of late. Some of them appear to be
genuine in that the body of the message contains an email that she sent out
(to old addresses, typing errors etc). However, some of them SAY something
was undeliverable, but require her to open an attachment to see the details.
She had the good sense not to do that, yet! So could anyone please advise,
do messages of this type usually have attachments, or is that the giveaway
that there's a "nasty" payload?

Many thanks
Several mail systems send the original and a log back as
attachments when failing to deliver.
If you want to be safe but would like to check the contents,
don't open the attachments directly but save them to your disk,
where your scanner can look at them when you do open them, you
can see the full filename, etc.
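
The two kinds of bounce described in this thread can be told apart from the MIME structure of a saved message, without opening any attachment. This is an added example, not part of any post: `triage_bounce`, the extension list and both sample messages are constructed for illustration, and the report layout assumed is the RFC 3464 delivery status notification.

```python
import email
import os

# Extensions Windows runs on double-click (illustrative assumption, not exhaustive).
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".cpl"}

def triage_bounce(raw: bytes) -> dict:
    """Describe a saved bounce from its MIME structure; nothing is opened or run."""
    msg = email.message_from_bytes(raw)
    is_dsn = (msg.get_content_type() == "multipart/report"
              and msg.get_param("report-type") == "delivery-status")
    names, failed = [], []
    for part in msg.walk():  # also descends into the returned original message
        if part.get_filename():
            names.append(part.get_filename())
        if part.get("Final-Recipient"):  # per-recipient block of the delivery log
            failed.append(part["Final-Recipient"].split(";")[-1].strip())
    risky = [n for n in names if os.path.splitext(n.lower())[1] in RISKY_EXT]
    verdict = "suspicious" if risky else "dsn" if is_dsn and failed else "unstructured"
    return {"verdict": verdict, "failed": failed, "risky": risky}

# Constructed sample: delivery log plus the returned original, as typed MIME parts.
LEGIT = b"""Content-Type: multipart/report; report-type=delivery-status; boundary=b

--b
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.example.net

Final-Recipient: rfc822; old.friend@example.org
Status: 5.1.1
--b
Content-Type: message/rfc822

To: old.friend@example.org

Hi there
--b--
"""
# Constructed sample: a "bounce" whose details exist only in an attachment.
FAKE = b"""Content-Type: multipart/mixed; boundary=b

--b
Content-Disposition: attachment; filename="details.txt.pif"

AAAA
--b--
"""
if __name__ == "__main__":
    print(triage_bounce(LEGIT), triage_bounce(FAKE))
```

The `failed` list gives the addresses the report says could not be reached, which can be compared with mail that was actually sent; a "dsn" verdict describes structure only and does not replace scanning the saved file.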
 
code800 said:
There is no danger in saving the attachments and opening them with a safe
application. IOW (and as a general rule) it is better to open the application
(maybe notepad?) and have it open the file than it is to rely on associations
with extensions which "should" invoke the application those extensions are

I generally right-click and choose Open With, then specify
Notepad. I find the "where's my file" dialogue tedious in the
extreme.
 
JIP said:
Hi

My wife has been getting a lot of these of late. Some of them appear to be
genuine in that the body of the message contains an email that she sent out
(to old addresses, typing errors etc). However, some of them SAY something
was undeliverable, but require her to open an attachment to see the details.
She had the good sense not to do that, yet! So could anyone please advise,
do messages of this type usually have attachments, or is that the giveaway
that there's a "nasty" payload?

Many thanks

JIP,

Email worms, through phishing and spoofing, are the "Malware Vectors
du Jour":

Virus Top Twenty for November 2005
(http://www.kaspersky.com/news?id=175015052)

<quote>

November 2005 was unique for its stability. The six worms which lead
the ratings in October retained their places. The stability is all the
stranger given November's virus epidemic, which should have caused
changes in the distribution at the top of the table. However, this
didn't happen - I'll explain why below.

<endquote>

I would think that most of this activity, at least in the US, is being
generated through broadband users --- Road Runner, Comcast, SBC/Yahoo
DSL, etc. I doubt whether a dial-up user could take the bandwidth hit
for long. But then again, clueless evidently knows no bounds.

BTW, check this out:
(http://survey.mailfrontier.com/survey/quiztest.html)

Didn't do well? You might want to rethink using html for email. From
Roel (KL),
(http://www.viruslist.com/en/weblog?weblogid=175083521)

<quote>

On a slightly different note, this is yet another example of why you
should read and write plain text email. With HTML parsing disabled,
you're much less likely to fall for this type of scam because the
message simply won't be displayed

<endquote>

Ron :)
 