Potentially Dangerous Spam

I enjoy maintaining my own server. But along with the pluses, there are several minuses. One of the big minuses is an extra amount of spam. Some of this spam causes my hair to stand up on end. Here’s an example. The subject line reads “System Upgrade.”

On October 16, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour.
The changes will concern security, reliability and performance of mail service and the system as a whole.
For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure.
This procedure is quite simple. All you have to do is just to click the link provided, to save the patch file and then to run it from your computer location. That’s all.
[Here I removed a link to an executable file supposedly on my server.]
Thank you in advance for your attention to this matter and sorry for possible inconveniences.
System Administrator

Now there are several problems with this spam email. First, I am the system administrator and I have no memory of sending such a message. In fact, while the sender claimed to be “admin [admin(at)telecomtally.com],” the actual sender was one “alex-red-devill,” who sent or more likely relayed this email from a Brazilian service provider’s mail server. Second, the linked executable file is not on my server. Yes, I checked! But I do think it is likely on a large number of servers around the world and good ol’ alex-red-devill may well have tried to plant it on mine. Every day, there are multiple attempts to give me something I don’t want.
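The mismatches described above can be checked mechanically. The following is an added example, not code from the original post, using Python's standard email module. The sample message is constructed: the Return-Path domain, relay host, IP address, date and link are placeholders, and only the display sender, the local domain and the subject come from the email quoted above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the message above; placeholder hosts and link.
SAMPLE = """\
Return-Path: <alex-red-devill@mail.example.net>
Received: from relay.example.net (relay.example.net [203.0.113.7])
\tby mx.telecomtally.com; Thu, 15 Oct 2009 08:12:44 -0400
From: admin <admin@telecomtally.com>
To: user@telecomtally.com
Subject: System Upgrade

For compatibility you should run SSl certificates update procedure.
http://host.example/update/patch.exe
"""

EXECUTABLE_LINK = re.compile(r"https?://\S+\.(?:exe|scr|bat|pif|msi)\b", re.I)

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def spoof_indicators(raw, local_domain):
    """List reasons a message claiming to be from local_domain looks forged."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    path_dom = domain_of(msg["Return-Path"])
    if from_dom == local_domain and path_dom != local_domain:
        findings.append(f"From claims {from_dom} but Return-Path is {path_dom or 'empty'}")
    # The last Received header is the oldest hop. Only the hop recorded by
    # your own mail server is trustworthy; older ones can be forged.
    hops = msg.get_all("Received", [])
    if hops:
        m = re.match(r"from\s+(\S+)", hops[-1].strip())
        origin = m.group(1).lower() if m else ""
        if from_dom == local_domain and not ("." + origin).endswith("." + local_domain):
            findings.append(f"first hop {origin or 'unknown'} is outside {local_domain}")
    body = msg.get_payload()
    if isinstance(body, str) and EXECUTABLE_LINK.search(body):
        findings.append("body links to an executable download")
    return findings

if __name__ == "__main__":
    for finding in spoof_indicators(SAMPLE, "telecomtally.com"):
        print("-", finding)
```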
My guess is that this email is part of a scheme to develop a portfolio of spoofable SSL (Secure Sockets Layer) certificates, possibly even for resale. It is likely a kind of high-tech identity theft.
If you get an email like this one, do not take the link. Do report the email to your actual system administrator ASAP.
I have reported this spam email and something else I didn’t like in my server log to the Brazilian service provider. In case you don’t know, most service providers and system administrators maintain an email account, abuse@[service provider’s domain name], as a place to report spam and other malicious stuff originating from any of their servers. The fact is, most of them, the honest ones, don’t like their servers being used in this way any more than you do and will try to take steps to stop it.
