[CRTech] Christian Radio Tech [MSG 79322]
Re: Caution: targeted infected email supposedly from "CRTech"
To: CRTech <crtech@crtech.org>
Subject: Re: Caution: targeted infected email supposedly from "CRTech"
From: Nicholas Tobiason <nickt@ynop.org>
Date: Wed, 29 Mar 2017 23:03:04 -0600
In-reply-to: <00b901d2a90a$57730ad0$06592070$@gmail.com>
References: <1178993425.20170329123023@voxroxradio.com> <2981FFDD-D345-46DD-A5EE-2A2E64DA9C42@ieee.org> <00b901d2a90a$57730ad0$06592070$@gmail.com>
User-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0

I produce a show with that name for our stations on Saturday nights. That domain has been inactive for a few years now and that email box is deleted.

That is indeed something I have never seen before. Yes, it shows as being from CRTech but with voxroxradio.com as the origination. None of my PCs are configured with that email, and none of them were powered up at that time of the morning.

The only thing I can figure is that, according to DNS management, the domain was parked at one server that used to host our site, but the emails were configured to run through our network website server at ynop.org for better control and email management. While voxrox@voxroxradio.com and all domain associations were deleted at the ynop.org server, the old server that used to host our website still has every email still active, as far as I can tell, and has been hacked/spammed.

Now how in the world it scraped these random email addresses to spam you is beyond me, but it is still research in progress.

Sorry for the inconvenience. Work in progress.

Nicholas Tobiason
Tech/Music Manager - Your Network of Praise
106 Cooperative Way, Suite 102
Kalispell, MT 59901
406-752-5257

On 3/29/2017 10:01 PM, Ron Huckeby wrote:

From: Sherrod Munday [mailto:smunday@ieee.org]
Sent: Wednesday, March 29, 2017 6:53 AM
To: CRTech <crtech@crtech.org>
Subject: [CRTech] Caution: targeted infected email supposedly from "CRTech"

Good morning, CRTech!

I have to say -- in all my years of using email, this is the first time I've seen this specific ploy against a listserv. Either someone on this list just got smacked with a virus that scraped their inbox for possible targets, or something/someone is looking at online archives to gather addresses and other info to appear more legitimate.

The email was delivered directly to my email address -- **NOT** through the CRTech listserv.

My spam filter caught and flagged it, but it's interesting to me that the virus/sender used a name & .sig of "CRTech" with a return email address of something related to radio. (I can't tell if the email is from a valid CRTech listserv member or not -- I don't recognize "voxrox" as anyone who's posted before, and I don't know the other recipients either.) The headers reveal that the email originated in France.

The link (removed for obvious reasons) goes to some offshore site - no doubt it hosts either a phishing attack or just pure malware/ransomware.

This is just another great example why you need to be careful and examine each email for links and content that may look legitimate upon a cursory glance.

To paraphrase the tag line some others use here on the list:

"Always Vigilant",

--Sherrod
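
The indicators described in the thread (the list's display name on a non-list address, and delivery outside the listserv) can be checked mechanically from the headers. The following is an added example, not part of the original messages; the sample messages, the example domains and IPs, and the assumption that genuine list traffic carries a `List-Id` header naming crtech.org are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

LIST_NAME = "CRTech"        # display name the list uses (from the thread)
LIST_DOMAIN = "crtech.org"  # the list's own domain (from the thread)

# Constructed sample: list display name on a non-list address, sent directly.
SPOOFED = (
    "Received: from mail.station.example (unknown [203.0.113.45])\n"
    "\tby mx.recipient.example; Wed, 29 Mar 2017 06:40:00 -0400\n"
    'From: "CRTech" <someone@station.example>\n'
    "To: member@recipient.example\n"
    "Subject: Re: tower lighting\n\n"
    "Please review the linked document.\n"
)
# Constructed sample: a message that really passed through the list server.
GENUINE = (
    "Received: from lists.crtech.org (lists.crtech.org [192.0.2.10])\n"
    "\tby mx.recipient.example; Wed, 29 Mar 2017 06:41:00 -0400\n"
    "List-Id: <crtech.crtech.org>\n"
    'From: "CRTech" <crtech@crtech.org>\n'
    "To: member@recipient.example\n"
    "Subject: [CRTech] tower lighting\n\n"
    "Weekly digest.\n"
)

def origin_ip(msg):
    """IP from the bottom-most Received header; hops below your own MTA's
    are sender-supplied, so treat the value as a lead, not as proof."""
    hops = msg.get_all("Received", [])
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops[-1]) if hops else None
    return m.group(1) if m else None

def list_impersonation_findings(raw, name=LIST_NAME, domain=LIST_DOMAIN):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    claims_list = name.lower() in display.lower()
    findings = []
    if claims_list and addr.rpartition("@")[2].lower() != domain:
        findings.append("display-name-mismatch")
    # Assumption: genuine list traffic carries a List-Id naming the list domain.
    if claims_list and domain not in msg.get("List-Id", "").lower():
        findings.append("not-via-listserv")
    return findings, origin_ip(msg)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, list_impersonation_findings(raw))
```

The returned IP is what an analyst would look up to place the sending host geographically; the lookup itself needs an external database and is left out here.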

 

 

