This morning in my [email protected] inbox I had an email that appeared to come from one of my users. It appeared to be the typical Delivery Status Notification Failure.
As the mail admin and abuse coordinator for a small ISP, it is not unusual for the customers to forward these notices to me with a request to determine why they can't email.
As I have done a few hundred times in the past, I right-clicked on the failure notice to look at the reason given by the NDR. Imagine my shock when my computer immediately began running JAVA. I immediately killed the process and booted my computer into safe mode so that I could try to determine just exactly what had happened. As soon as the laptop booted up, my AV and Windows Defender both reported that I had Trojan.bredo. I ran my cleanup and researched the characteristics of this Trojan and the files that are altered. About 2 hours later it appears that I was able to recover from this attempt to infect my computer.
I just wanted to give you a heads up. It looks like the scumbags are now using NDR and Failure reports to attempt to further their malicious activity.
Deb Hale, Long Lines, LLC
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.