What's the story behind this malware/virus/trojan/whatever

This is rampant in the food and beverage industry. It comes in addressed and cc'd to a large number of recipients, all visible, with nothing but a link, usually yaddayadda.ru.

Here's what I wrote for my candidates and clients.

It's very bad for someone who wants to look for a job under the radar to appear to send to his boss a series of links with craigslist ads in them....


Since it's so simple and the link keeps changing, there is no way to look it up. Hope someone here can clear it up.

Would this be the first step in a DSA? I am truly curious.  

RE: What's the story behind this malware/virus/trojan/whatever

This looks like part of a 'Ransomware' scam; anyone who replies to it is likely to get a demand for cash and may then actually become compromised.
It's likely that some of your contacts may already have malware that has farmed your group's email address.

Anyone who has received this mailing should run security scans.

The text you have published is about right I would say.
As far as blocking it is concerned, as you say you won't be able to block the sender, but you should report the activity to your anti-malware provider, e.g. Trend Micro.
Also to your ISP (not that that will help much).

What you can do is set up filters in your mail client to reject mail that contains parts of the text.


Steve: N.M.N.F.
If something is popular, it must be wrong: Mark Twain

RE: What's the story behind this malware/virus/trojan/whatever

I hadn't thought of that.
As for blocking it with the text or sender, that isn't possible because a: there is no text, just the link, which changes, and b: the sender is always different. The addresses included in the To: and Cc: fields are authentic (they are not in my address book, but I know them and have access to their addresses) plus a number of expired Craigslist ad reply addresses.

There is also no subject.

I was able to catch the process in a couple of seconds and now just look at the addresses (which provides me with some pretty interesting industry information).

God help them, if they think there's anything for ransom. All backed up.  

RE: What's the story behind this malware/virus/trojan/whatever

I wonder if any of the mail clients will allow for filtering out emails with only a link, no text... sometimes people will send JUST a link, but you should generally already know in advance when something like that is coming..

Also, what about domain?  I know the program, MailWasher, can block based on sender, subject, and/or sender... and maybe the body text, but I don't remember for sure.  It used to work very well, but I'm not sure how much help it would be for this one.

RE: What's the story behind this malware/virus/trojan/whatever

The domain changes. They had one up in Google for a while; some are .ru, others non-US extensions, and of course so does the URL name and the sender, which are usually people you know. The first time I got one it was from a good friend, and I am pretty well protected, so I didn't think twice. As soon as a window opened containing a blank table with scroll bars, then flashed to a Cialis site, I shut the computer down and rebooted safe with connectivity, ran HouseCall and interrupted a running process.

Some of the individuals hacked indicate that their mail server told them they had been hacked, which speaks to the quality of tech support - it's pretty unlikely that Google, AOL, ATT and Hotmail could all get hacked, and impossible that that kind of invasion wouldn't be front page news.

I figure the link deposits the malware, which then cleans out the address book. My question is to what end. I'm good..have been keeping strong track of it, but it's really going around in the Food and Beverage world.

I also got a lot of failure responses to something I didn't send some time after I first saw the mail. The addresses included were mostly expired Craigslist ads (I put them up, but don't answer them, so they're not in my address list) and addresses from people who are not in my book, so it's spoofing senders with addresses it gleans from infected computers.....

I still think that it's setting up for a Denial of Service attack.

As I said, I'm just mighty curious.  

RE: What's the story behind this malware/virus/trojan/whatever

I would send an email to everyone in your address book (if you dare) and ask them to install and run Malwarebytes' Anti-Malware to clean up anything on their PCs.

I had this issue a while back with a club I belonged to with an email distribution list.  One guy got a bug and there were random emails being sent to people in his address book with URLs to virus-giving sites.

Once he ran MBAM, his PC was clean and members of the group stopped getting the B.S. emails.

RE: What's the story behind this malware/virus/trojan/whatever

That's a great way of thinking outside the box, goombawaho!  Literally out of the box! ;)

Seriously, that would be a good idea for sure.  And if you want to be more careful for people who may not easily install software, tell them to get it from http://ninite.com - they did what I always wanted to do myself, but never took the time to try. ;p

RE: What's the story behind this malware/virus/trojan/whatever

I will check out the software and put out the word. My own mailing list, however, is apparently not compromised. That would be because I keep only a personal list on my mail servers and the others in a distinct database. I get the mails from people emailing me for employment consideration, some of whom I don't know, but may have sent them a mail at some point in their job searches.
The curious thing is that the phenomenon (virus, malware, whatever) seems to be rampant among chefs and food and beverage directors - it's a tight to incestuous community with common and cross connections.
Every instance of the mail, furthermore, contains at least one and usually several expired Craigslist job addresses, which does beg a question.
Nearly all of them contain addresses of my competition. (So I know who my candidates are conspiring with... interesting.) Many contain addresses of relatively powerful people in the industry (Elizabeth Blau, Danny Meyer, Mario Batali) - appreciated.

I got a new one yesterday with a subject, at least I assume it was. It was sent to a number of search firms with the subject ~hi~ (which can be filtered).  
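
The link-only filter idea raised in this thread, as an added example that is not part of any post: it checks a raw message for the three traits the posters describe (a body that is nothing but a link, a missing or `~hi~` subject, and a long visible To/Cc list) and flags it when at least two match. The function names, the recipient threshold and the sample messages are assumptions made up for the illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
MAX_VISIBLE_RECIPIENTS = 10          # assumed threshold, tune per mailbox
THROWAWAY_SUBJECTS = {"hi", "~hi~"}  # "~hi~" is the subject seen in the thread

def body_text(msg):
    """Return the first text/plain part as a string ('' if there is none)."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            return payload.decode(part.get_content_charset() or "utf-8", "replace")
    return ""

def score_message(raw):
    """List which of the thread-described traits a raw RFC 5322 message shows."""
    msg = message_from_string(raw)
    hits = []
    body = body_text(msg).strip()
    # Link-only: at least one URL and nothing left once URLs are removed.
    if URL_RE.search(body) and not URL_RE.sub("", body).strip():
        hits.append("link-only body")
    subject = (msg.get("Subject") or "").strip().lower()
    if not subject or subject in THROWAWAY_SUBJECTS:
        hits.append("empty or throwaway subject")
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if len(rcpts) >= MAX_VISIBLE_RECIPIENTS:
        hits.append("many visible recipients")
    return hits

def is_suspicious(raw):
    # One trait alone is common in legitimate mail; require two or more.
    return len(score_message(raw)) >= 2

# Constructed sample messages (not taken from any real mailbox).
SAMPLE_SPAM = (
    "From: friend@example.com\n"
    "To: " + ", ".join(f"chef{i}@example.com" for i in range(8)) + "\n"
    "Cc: " + ", ".join(f"reply{i}@example.org" for i in range(6)) + "\n"
    "\n"
    "http://link.example.invalid/xyz\n"
)
SAMPLE_OK = (
    "From: friend@example.com\nTo: me@example.com\nSubject: menu draft\n\n"
    "Here is the draft we discussed: http://docs.example.com/menu\n"
)

if __name__ == "__main__":
    for name, raw in (("spam", SAMPLE_SPAM), ("ok", SAMPLE_OK)):
        print(name, is_suspicious(raw), score_message(raw))
```

Because neither the sender nor the link domain is used, the check still matches when both keep changing, which is the case the posters describe.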
