The Boston Diaries

The ongoing saga of a programmer who doesn't live in Boston, nor does he even like Boston, but yet named his weblog/journal “The Boston Diaries.”

Go figure.

Thursday, March 26, 2020

There just aren't enough clue-by-fours

In this paper I present an analysis of 1,976 unsolicited answers received from the targets of a malicious email campaign, who were mostly unaware that they were not contacting the real sender of the malicious messages. I received the messages because the spammers, whom I had described previously on my blog, decided to take revenge by putting my email address in the ‘reply-to’ field of a malicious email campaign. Many of the victims were unaware that the message they had received was fake and contained malware. Some even asked me to resend the malware as it had been blocked by their anti-virus product. I have read those 1,976 messages, analysed and classified victims’ answers, and present them here.

5. The fifth group is actually the most worrying. I call this group ‘MY ANTI-VIRUS WORKED, PLEASE SEND AGAIN’, as these are recipients who mention that their security product (mostly anti-virus) warned them against an infected file, but they wanted the file to be resent because they could not open it. The group consisted of 44 individuals (2.35%).

Via inks, Virus Bulletin :: VB2019 paper: 2,000 reactions to a malware attack — accidental study

Over a year ago, the Corporate Overlords of The Ft. Lauderdale Office of The Corporation started sending us phishing emails in order to “train us” to recognize scams. Pretty much all it did for me was to treat all emails from our Corporate Overlords asking for information as a phishing attempt (it's also made easier as each phishing email has a specific header designating it as such to ensure they get through their own spam firewall—I am not making this up). And I was upset over the practice as I felt our Corporate Overlords did not trust their employees and felt they had to treat us as children (the managed laptops don't help either).

But reading this report is eye opening. Over 2% requested the malware be sent again! Over 11% complained that the “attachment” did not work (they were infected) and another 14% asked where was the “attachment”—what?

I … this … um … what?

I should not be surprised. I mean, someone has to fall for the scams else the scammers wouldn't waste their time. The scary bit is that this validates what our Corporate Overlords are doing.

Sigh.

But Bunny will find the following response group amusing:

10. One of the biggest surprises were 31 members of group number 10 (1.66%) who spent time pointing out all the spelling errors and typos made in the original message. I call this group “I'M A GRAMMAR NAZI”.

Via inks, Virus Bulletin :: VB2019 paper: 2,000 reactions to a malware attack — accidental study

Heh.

Obligatory Picture

[The future's so bright, I gotta wear shades]

Obligatory Contact Info

Obligatory Feeds

Obligatory Links

Obligatory Miscellaneous

You have my permission to link freely to any entry here. Go ahead, I won't bite. I promise.

The dates are the permanent links to that day's entries (or entry, if there is only one entry). The titles are the permanent links to that entry only. The format for the links are simple: Start with the base link for this site: https://boston.conman.org/, then add the date you are interested in, say 2000/08/01, so that would make the final URL:

https://boston.conman.org/2000/08/01

You can also specify the entire month by leaving off the day portion. You can even select an arbitrary portion of time.

You may also note subtle shading of the links and that's intentional: the “closer” the link is (relative to the page) the “brighter” it appears. It's an experiment in using color shading to denote the distance a link is from here. If you don't notice it, don't worry; it's not all that important.

It is assumed that every brand name, slogan, corporate name, symbol, design element, et cetera mentioned in these pages is a protected and/or trademarked entity, the sole property of its owner(s), and acknowledgement of this status is implied.

Copyright © 1999-2024 by Sean Conner. All Rights Reserved.