spam using DSN

The newest wave of spam is quite clever. They are abusing the geek-sacred protocol of the DSN (Delivery Status Notification), adding an attached html file that is a script set to redirect to a distant website, maybe selling Viagra.

Delivery Status Notification (Failure)
This is an automatically generated Delivery Status Notification.
Delivery to the following recipients failed.

Look familiar? The standard, important notice that your email has bounced for some reason. Now it could be spam.


I won't bore you with specifics. For those that like details, you can get more info at Wikipedia:

In the internet's standard e-mail protocol SMTP, a bounce message, or (failed) Delivery Status Notification (DSN) message, aka Non-Delivery Report/Receipt (NDR), Non-Delivery Notification (NDN), or simply a bounce is an automated electronic mail message from a mail system informing the sender of another message about a delivery problem. The original message is said to have bounced.

The only thing you, as a user of email, need to do is ignore these emails as they come in. Maybe take a quick peek to see if it was really from an email you sent, but if it is not familiar, please do NOT open the attachment.

System Administrator

[Delivery Status Notification (Failure).html]
Note: Forwarded message is attached.

This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed.

urinatedqds2@ rothe1.com

Final-Recipient: rfc822; urinatedqds2@ rothe1.com
Action: failed
Status: 5.1.1

Delivery Status Notification (Failure).html  4K

Unknown Attachments Can Be Dangerous

Currently, these false DSN messages appear to have html attachments that have a script in them that redirects to a site selling something. But the structure of this payload can just as well redirect to a phishing site, or to a virus.

The nature of this script could possibly be dynamic, changing its redirect as the Internet and Anti-Virus filters start blocking sites. Being dynamic, however, means that the virus writers can change the virus so the filters don't recognize the new variant for an hour or so.
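As an added example (not code from the original post), here is one way a mail administrator can separate a real bounce from the kind described above: a genuine DSN per RFC 3464 is a multipart/report message carrying a message/delivery-status part, while the spam is a bounce-looking message with an HTML attachment. Both sample messages below are constructed.

```python
# Added example, not code from the original post: flag bounce-style messages
# that carry an HTML attachment. A genuine RFC 3464 DSN is multipart/report
# with a message/delivery-status part; both sample messages are constructed.
from email import message_from_string

def dsn_risk(raw):
    """Return 'genuine', 'suspicious' or 'not-dsn' for one raw RFC 822 message."""
    msg = message_from_string(raw)
    subject = (msg.get("Subject") or "").lower()
    is_report = msg.get_content_type() == "multipart/report"
    if "delivery status notification" not in subject and not is_report:
        return "not-dsn"
    has_status_part = has_html_attachment = False
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            has_status_part = True
        # An HTML attachment has no place in a bounce; treat it as the red flag.
        if ctype == "text/html" and part.get_content_disposition() == "attachment":
            has_html_attachment = True
    if has_html_attachment or not has_status_part:
        return "suspicious"
    return "genuine"

GENUINE = """\
Subject: Delivery Status Notification (Failure)
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@example.org
Action: failed
Status: 5.1.1

--b1--
"""
FAKE = """\
Subject: Delivery Status Notification (Failure)
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/html; name="Delivery Status Notification (Failure).html"
Content-Disposition: attachment; filename="Delivery Status Notification (Failure).html"

<html><body>(attachment body omitted)</body></html>

--b2--
"""
```

Run against a mailbox export, anything returning "suspicious" is worth quarantining before it reaches a user's inbox.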

As always, make sure your systems are completely updated and patched, and your protection is up-to-date. If you have no idea how to check, ask a friend (but not me). :) And if your friend says don't worry about it, worry about your friend.

Nothing is more expensive than trying to save a buck.