[KS] NB! Possible virus, masquerading as news about Korea
Frank Hoffmann
hoffmann at koreaweb.ws
Wed Aug 12 08:45:13 EDT 2009
Hi Aidan:
To make it short: your suspicion is 100% correct!
(a) What it is:
There are "clever" scripts for phishing that help the criminal who is
implementing phishing practices to individually brand -- for anyone
who hasn't noted yet, we live in the age of branding ::)field of
interest or activity. As a first step, these scripts enable email
spiders that "harvest" (that's what it is called) the Internet for
email addresses -- they go to home pages and especially to online
discussion boards, blogs, archives of email lists such as our Korean
Studies discussion List (Web archives), and filter out and collect
all and every email address there. From the keywords in the direct
environment they create their own keyword lists and topics, in this
case KOREA or NORTH KOREA, and then nicely assign the harvested email
addresses to social network groups. In a second step they use RSS
news feed techniques to auto-create subject lines and some email
content. Somewhere in that email, however, is then a clickable link,
a URL, that, if you click it, will download some script to your PC
(Mac users are still safe, which is just one of the many reasons I
use one) that spies on you. What script that is, I can't say -- there
are endless varieties. It may well be a virus, but in many cases the
entire purpose (that's what phishing is usually about) is to get your
money ... to get your credit card data, bank info, etc.
(Explanation about "phishing": http://en.wikipedia.org/wiki/Phishing)
(b) What can you do?
The extended email header shows this info:
--------------
Received: from rly-dd09.mx.aol.com (rly-dd09.mail.aol.com
[172.19.141.156]) by air-dd06.mail.aol.com (v124.15) with ESMTP id
MAILINDD063-b974a82632fa1; Wed, 12 Aug 2009 02:37:56 -0400
--------------
172.19.141.156 ==> There were already complaints about this IP sent
to Google (gmail) since May, but it didn't help. The spammers are
using changing AOL and Gmail addresses, and use a bounce technique
(so, often you may see your own email address as the fake sender of
such mails). See here for one short discussion about this same IP --
that also gives you the link to the Google complaint form:
http://www.google.com/support/forum/p/gmail/thread?tid=3f3ef974642c8739&hl=en
Blacklisting sender email addresses does not make sense. But you can
blacklist the IP 172.19.141.156, that might help for a month or two.
Then again, these criminals probably use many other IPs as well. So,
it is pretty useless, there is not much you can do.
A last note: these kinds of spamming and phishing scripts, often a
hotchpot of more complex and simple scripts, are now starting to
implement nano technology -- still pretty rudimentary parts of nano
technologies, but we will surely see more complex implementations
coming. Nano technology is what we will see getting implemented
during the next years more and more. The really interesting point,
for me anyway, are the connections of social networks in their
virtual world (Internet) with physics and e-technology in
revolutionary new ways. You will see far, far more of all that, bad
and good. Also, bio-technology that uses nano technology tools is
growing rapidly, that again implements social network strategies --
will do so more and more, thereby then again creating social networks
that lead to new economic strategies.
Best,
Frank
--
--------------------------------------
Frank Hoffmann
http://koreaweb.ws
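
Added example (not part of the original message): a Python sketch that walks a message's Received headers, newest first, and marks each bracketed relay address as internal (RFC 1918 private range or loopback) or external before one is picked for a complaint or a block rule. The first header is the one quoted in the message; the second header, its `sender.example` host and the documentation address 203.0.113.7 are constructed, and the function names are this example's own.

```python
import ipaddress
import re
from email import message_from_string

# RFC 1918 private ranges plus loopback: hops here are a provider's internal relays
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# First Received header: as quoted in the message. Second header: constructed
# for this example (203.0.113.7 is a reserved documentation address).
SAMPLE = """\
Received: from rly-dd09.mx.aol.com (rly-dd09.mail.aol.com
 [172.19.141.156]) by air-dd06.mail.aol.com (v124.15) with ESMTP id
 MAILINDD063-b974a82632fa1; Wed, 12 Aug 2009 02:37:56 -0400
Received: from sender.example (unknown [203.0.113.7])
 by rly-dd09.mx.aol.com with ESMTP; Wed, 12 Aug 2009 02:37:50 -0400
Subject: constructed sample

body
"""

def is_internal(ip):
    """True if ip lies in a private or loopback range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def received_hops(raw_message):
    """Return [(ip, internal)] for every Received header, newest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    for header in msg.get_all("Received", []):
        for ip in BRACKETED_IP.findall(header):
            try:
                hops.append((ip, is_internal(ip)))
            except ValueError:  # e.g. [999.1.1.1]: not a valid address
                continue
    return hops

def first_external_hop(raw_message):
    """First publicly routable relay address, or None if every hop is internal."""
    for ip, internal in received_hops(raw_message):
        if not internal:
            return ip
    return None

if __name__ == "__main__":
    print(received_hops(SAMPLE), first_external_hop(SAMPLE))
```

Received lines below the first header written by your own provider are supplied by the sending side and can be forged, so treat the result as a starting point for a report rather than proof of origin.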