[CRTech] Christian Radio Tech [MSG 79323]
Re: Caution: targeted infected email supposedly from "CRTech"
To: CRTech <crtech@crtech.org>
Subject: Re: Caution: targeted infected email supposedly from "CRTech"
From: John Stortz <ka4flx@gmail.com>
Date: Thu, 30 Mar 2017 02:31:38 -0400
In-reply-to: <c907039b-67a8-666e-64f3-18c210648cf7@ynop.org>
References: <1178993425.20170329123023@voxroxradio.com> <2981FFDD-D345-46DD-A5EE-2A2E64DA9C42@ieee.org> <00b901d2a90a$57730ad0$06592070$@gmail.com> <c907039b-67a8-666e-64f3-18c210648cf7@ynop.org>
I received the Voxrox message, but didn't open it, but trashed it.

John S.

*Politics is the gentle art of getting votes from the poor and campaign funds from the rich, by promising to protect each from the other.*
~Oscar Ameringer~
  

On Thu, Mar 30, 2017 at 1:03 AM, Nicholas Tobiason <nickt@ynop.org> wrote:

I produce a show with that name for our stations on Saturday nights. That domain has been inactive for a few years now and that email box is deleted.

That is indeed something I have never seen before. Yes, it shows as being from CRTech but with voxroxradio.com as the origination. None of my PCs are configured with that email, and none of them were powered up at that time of the morning.

The only thing I can figure is according to DNS management, the domain was parked at one server that used to host our site, but the emails were configured to run through our network website server at ynop.org for better control and email management. While voxrox@voxroxradio.com and all domain associations were deleted at the ynop.org server, the old server that used to host our website still has every email still active...far as I can tell, and has been hacked/spammed.

Now how in the world it scraped these random email addresses to spam you is beyond me but still a research in progress.

Sorry for the inconvenience. Work in progress.

Nicholas Tobiason
Tech/Music Manager - Your Network of Praise
106 Cooperative Way, Suite 102
Kalispell, MT 59901
406-752-5257

On 3/29/2017 10:01 PM, Ron Huckeby wrote:

From: Sherrod Munday [mailto:smunday@ieee.org]
Sent: Wednesday, March 29, 2017 6:53 AM
To: CRTech <crtech@crtech.org>
Subject: [CRTech] Caution: targeted infected email supposedly from "CRTech"

 

Good morning, CRTech!

I have to say -- in all my years of using email, this is the first time I've seen this specific ploy against a listserv.  Either someone on this list just got smacked with a virus that scraped their inbox for possible targets, or something/someone is looking at online archives to gather addresses and other info to appear more legitimate.

The email was delivered directly to my email address -- **NOT** through the CRTech listserv.

My spam filter caught and flagged it, but it's interesting to me that the virus/sender used a name & .sig of "CRTech" with a return email address of something related to radio.  (I can't tell if the email is from a valid CRTech listserv member or not -- I don't recognize "voxrox" as anyone who's posted before, and I don't know the other recipients either.)  The headers reveal that the email originated in France.

The link (removed for obvious reasons) goes to some offshore site - no doubt it hosts either a phishing attack or just pure malware/ransomware.

This is just another great example why you need to be careful and examine each email for links and content that may look legitimate upon a cursory glance.

To paraphrase the tag line some others use here on the list:

"Always Vigilant",

--Sherrod
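
An added example, not part of the thread and not any participant's code: a header triage for the two tells described above, a From display name of "CRTech" on a non-list address and delivery that bypassed the listserv. The sample messages are constructed, the example.org recipients are placeholders, and the List-Id check assumes the list software adds that header.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

LIST_NAME = "CRTech"             # list name as it appears on this page
LIST_ADDR = "crtech@crtech.org"  # list posting address from the To: header above

# Constructed samples, not the real messages; example.org recipients are placeholders.
SPOOFED = """\
From: CRTech <voxrox@voxroxradio.com>
To: member1@example.org, member2@example.org
Subject: station update

(link removed)
"""

GENUINE = """\
From: Sherrod Munday <smunday@ieee.org>
To: CRTech <crtech@crtech.org>
List-Id: <crtech.crtech.org>
Subject: [CRTech] Caution

Good morning, CRTech!
"""

def triage(raw):
    """Return reasons a message that uses the list's name looks spoofed."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    list_domain = LIST_ADDR.rpartition("@")[2]
    sender_domain = addr.rpartition("@")[2].lower()
    name_claim = LIST_NAME.lower() in display.lower()
    tag_claim = f"[{LIST_NAME}]".lower() in msg.get("Subject", "").lower()
    if not (name_claim or tag_claim):
        return []  # ordinary mail that never invokes the list
    findings = []
    # 1. Display name borrows the list's name, address is at another domain.
    if name_claim and sender_domain != list_domain:
        findings.append(f"From name {display!r} but address domain is {sender_domain}")
    # 2. List address absent from To/Cc: delivered directly, not via the listserv.
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if LIST_ADDR not in [a.lower() for _, a in rcpts]:
        findings.append("list address absent from To/Cc")
    # 3. Assumption: genuine list traffic carries a List-Id header (RFC 2919).
    if list_domain not in msg.get("List-Id", "").lower():
        findings.append("no List-Id header naming the list domain")
    return findings

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, triage(raw))
```
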

 

 


