I am not sure whether to be worried or flattered, but it appears that someone is going through the trouble of creating targeted malicious code attacks by spoofing an email from me. They’ve even gone so far as to use the correct signature, return phone numbers, and to pick a topic that I am likely to actually send an email on. The only issue is that they’ve spelled my name wrong…probably to prevent any bounces from coming to me and alerting me. The message looks like this:
From: Matt Devest
Date: Sun, 1 Oct 2006 09:05:27 -0600
To: < ****@terrorism.com>
Subject: How China Steals US Military Secrets !
Terrorism Research Center, Inc.
Obviously, if you get this message, don’t click on the attachment. My good friend Eric took a look at the target web page and provided this assessment:
As such, only Windows users running IE 6 are vulnerable to this ‘link’. From what I can find on the Microsoft website, it looks like this vulnerability might only apply to Windows 2003 Server, but that remains unclear. Microsoft did indicate they would have an update released by October 10.
In summary, whoever did this cleverly crafted email wanted to maximize his/her chances of getting a ‘hit’. The exploit is considered a 0-Day and the way it was escaped took some time to sort through and decode. If it wasn’t for the misspelled Devost, it could almost be considered ‘perfect’…
For what it’s worth, the email came directly from a server in Utah.
OrgName: Utah Educational Network
Address: 101 Wasatch Drive, Rm 215
City: Salt Lake City
Probably just a poorly patched server that was hacked and used as a jump-point…