[CRTech] Christian Radio Tech [MSG 79311]
[Thread Prev] [-- Thread Index --] [Thread Next] [Date Prev] [-- Date Index --] [Date Next]
Caution: targeted infected email supposedly from "CRTech"
To: CRTech <crtech@crtech.org>
Subject: Caution: targeted infected email supposedly from "CRTech"
From: Sherrod Munday <smunday@ieee.org>
Date: Wed, 29 Mar 2017 08:53:23 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ieee-org.20150623.gappssmtp.com; s=20150623; h=from:subject:date:references:to:message-id:mime-version; bh=QPtns91FAjH+HGlOos/v/eyt6baV6QGoG9ciWdwxhHU=; b=Uooda5XYnnBRPMFR4R+aOR08RhVbg/u07N1kdGzEj1kIHFExYZUX5fB/EwApvxdu3Y C3SJTRO6TNEyqa5re5sO8HMDgRp/BHSLvEKjrhIXYP8W8ymEBjGQzVvaPKr1E9QaxkxI 27AB6V8deQdtAdwrDZmVipXJgZQh/2QHO1nwRuJxzZV2EVERhQPv3bfIe1tpHQqmMWpq qQf6P9cw+Ts5NoPQTl5k9/W2dDZp3ggHeODI/GdyKgCKSRrnT7T/+uudkJ6nUIU/FYtf wtrs/sMTbeCK55s5K9kiFSm40T0rw8pTbu8hQwckFPm2zM5MhiEHQAR0jH9VzXLS+6bX ta5Q==
References: <1178993425.20170329123023@voxroxradio.com>
Good morning, CRTech!  

I have to say -- in all my years of using email, this is the first time I've seen this specific ploy against a listserv.  Either someone on this list just got smacked with a virus that scraped their inbox for possible targets, or something/someone is looking at online archives to gather addresses and other info to appear more legitimate.

The email was delivered directly to my email address -- **NOT** through the CRTech listserv.

My spam filter caught and flagged it, but it's interesting to me that the virus/sender used a name & .sig of "CRTech" with a return email address of something related to radio.  (I can't tell if the email is from a valid CRTech listserv member or not -- I don't recognize "voxrox" as anyone who's posted before, and I don't know the other recipients either.)   The headers reveal that the email originated in France. 

The link (removed for obvious reasons) goes to some offshore site - no doubt it hosts either a phishing attack or just pure malware/ransomware.

This is just another great example why you need to be careful and examine each email for links and content that may look legitimate upon a cursory glance.

To paraphrase the tag line some others use here on the list:

"Always Vigilant",


Begin forwarded message:

From: "CRTech" <voxrox@voxroxradio.com>
Subject: nice place
Date: March 29, 2017 at 5:30:23 EDT
To: "Sherrod Munday" <smunday@ieee.org>, "a.j.petrella" <a.j.petrella@ieee.org>, "kevin.m.speer" <kevin.m.speer@ieee.org>

I've recently visited a nice place, just take a look, you're going to love it for sure! Here are some pics of it (link removed).
Looking forward, CRTech

Sherrod Munday

Follow-Ups: Re: Caution: targeted infected email supposedly from "CRTech"
(Rick Jesse <javajava56@gmail.com>, 29 Mar 2017 14:46:45 -0000)
RE: Caution: targeted infected email supposedly from "CRTech"
("Ron Huckeby" <huckebyrj@gmail.com>, 30 Mar 2017 04:02:06 -0000)
Prev by date: Re: Barix as backup STL
(JOHN VAN MILLIGAN, 29 Mar 2017 02:50:06 -0000)
Next by date: Re: Caution: targeted infected email supposedly from "CRTech"
(Allard, Mark G, 29 Mar 2017 13:38:25 -0000)
Prev by thread: Re: Barix as backup STL
(BIll Moede, 30 Mar 2017 18:24:21 -0000)
Next by thread: Re: Caution: targeted infected email supposedly from "CRTech"
(Rick Jesse, 29 Mar 2017 14:46:45 -0000)