Update: Graham Cluley at Sophos has also blogged about this email variant, with some additional detail.
A new variant of the “Do [Something Important] by opening the attached file” scam has arrived. The goal is to trick you into running the malware that is attached. While most Antivirus software will detect and prevent you from running known malware, 100% accuracy is impossible, and new malware variants may not be detected whey they have just been released. Here’s what the email looks like:
Subject: The police investigation is under way now. You’ll be really sorry about what you have done.
Do you know who posted these photos online?? This is strange cause there’s your FB acc there. Why did you do it and how did you get my photos?? This is a crime actually do you know?? I put one photo in attachment. We have to clear this thing or else I’ll have to contact my lawer!
I’ve just picked up a nice new entry on the “Falsehoods [people] believe about [topic]” meme … this one is “Falsehoods programmers believe about networks” and comes from Errata Security, a very good resource.
Here’s the top 5 :-
- Data on the network cannot be altered.
- Encrypted data on the network cannot be altered.
- Data cannot be accidentally corrupted, because TCP has checksums and Ethernet has CRCs
- If it’s inside my perimeter firewall, that means I have total control over it
- If it doesn’t return an error, then send() sent all the data that was asked of it.
A small list at the end is “Falsehoods network administrators believe about networks” …
- There is no IPv6 on my network
- NAT automatically blocks all inbound attacks
- We know all the devices attached to our network at any given time
This joins the two well-known “Falsehoods programmers believe about …”; Time and Names, their top entries are …
- There are always 24 hours in a day.
- Months have either 30 or 31 days.
- Years have 365 days.
- February is always 28 days long.
- Any 24-hour period will always begin and end in the same day (or week, or month).
- People have exactly one canonical full name.
- People have exactly one full name which they go by.
- People’s names fit within a certain defined amount of space.
- People’s names do not change.
- People’s names change, but only at a certain enumerated set of events.
- People’s names are written in ASCII.
- People’s names are written in any single character set.
- People’s names are all mapped in Unicode code points.
- People’s names are case sensitive.
- People’s names are case insensitive.