Monday, January 29, 2007

This is a Belgian virus. Please forward it to everyone and then delete all your files.

Today I received my first spam message to my private university email account. I haven't read spam messages in a long time, but this one caught my eye for two reasons. The full body of the spam was:

Good day,

Viazzgra $1, 80
Ciazzlis $3, 00
Levizztra $3, 35

http://www.printeryml.*com ( Important ! Remove "*" )

--
Dobby stood for a moment, quivering all over, horror-struck by his own daring then he rushed over to the nearest table and began banging his head on it very hard, squealing, Bad Dobby! Bad Dobby!



First off, that URL is not even remotely valid. It includes an asterisk, and the message instructs the user to remove the asterisk before going to the address. That's INSANELY STUPID. A while back there was an email virus that evaded email scanners that blocked suspicious .zip files by sending .rar files with the payload. In a password-protected .rar file. So the spam message gives the spammee detailed instructions to save the file to disk, open it in WinRAR (which is not as commonly used as WinZip), extract the file, enter the password, find the extracted file, and then open it to launch the virus. Erm, I mean, porn movie. Whatever. Understandably, the virus was not very widespread.
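An added example, not part of the original post: one way a mail filter could deal with the "remove the asterisk" trick, by reading the repair instruction in the message and normalising the URL before any blocklist lookup. The function name, the regexes and the embedded sample (the message quoted above) are assumptions made for this example.

```python
import re

# Sample input: the relevant lines of the spam body quoted in the post.
SAMPLE = '''Good day,

http://www.printeryml.*com ( Important ! Remove "*" )
'''

# "remove" followed closely by a single quoted punctuation character.
REMOVE_HINT = re.compile(r'''remove\W{0,5}?["']\s*([^\w\s])\s*["']''', re.I)
# Anything that looks like an http(s) URL, valid host or not.
URL = re.compile(r'''https?://[^\s<>"']+''', re.I)
# A plain dotted hostname: labels of letters, digits and hyphens.
HOST_OK = re.compile(r'[a-z0-9-]+(?:\.[a-z0-9-]+)+', re.I)


def deobfuscated_urls(body):
    """Return (raw, cleaned) pairs for URLs the body tells the reader to repair.

    A URL is reported only when its host is invalid as written, the body
    contains a 'remove "<char>"' instruction, and deleting that character
    yields a valid-looking host. The cleaned URL is what a blocklist or
    reputation lookup should be run against.
    """
    fillers = set(REMOVE_HINT.findall(body))
    found = []
    for raw in URL.findall(body):
        host = raw.split("://", 1)[1].split("/", 1)[0]
        if HOST_OK.fullmatch(host):
            continue  # already a normal URL; the ordinary lookup applies
        for ch in sorted(fillers):
            if ch in host and HOST_OK.fullmatch(host.replace(ch, "")):
                found.append((raw, raw.replace(ch, "")))
    return found


if __name__ == "__main__":
    for raw, cleaned in deobfuscated_urls(SAMPLE):
        print(f"obfuscated URL {raw!r} -> check {cleaned!r}")
```

The presence of a repair instruction next to an invalid URL is itself a strong spam signal, independent of whether the cleaned host is on any list.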

Secondly, does anyone recognize the text at the bottom, cleverly intended to fool spam filters into thinking it's not spam since it has full sentences?

Yes.

It's from Harry Potter and the Goblet of Fire.

I gotta say, spam is getting more Belgian every day.