Spam Scam #6: The Internet Service Provider Consorcium

Ok, time to discuss another malware email that I received today. I wanted to describe this so that I can help others learn to identify scam/malware emails. The body of the email is as follows:
Return-Path: <monitoring@isp.com>
X-Original-To: rick@ekle.us
Received: from isp.com (unknown [192.206.246.200])
    for <rick@kle.us>; Tue, 23 Sep 2008 05:12:49 -0700 (PDT)
From: monitoring@isp.com
To: rick@kle.us
Subject: Your internet access is going to get suspended
Date: Tue, 23 Sep 2008 07:12:49 -0500
Dear Sir!
The Internet Service Provider Consorcium was made to protect the rights of software
authors, artists. We conduct regular wiretapping on our networks, to monitor
criminal acts.
We are aware of your illegal activities on the internet which were originating from
You can check the report of your activities in the past 6 months that we have
attached. We strongly advise you to stop your activities regarding the illegal
downloading of copyrighted material or your internet access will be suspended.
Sincerely
ISC monitoring team
Attachment: user-EA3911X-activities.zip
Ok, so how do I know this is a scam? Let's go through each sign in detail.
From Email Address: monitoring@isp.com
First of all, this email address is very generic. 'isp.com' is not the domain name of my ISP. Had this been the domain name of my ISP, I might be inclined to believe it is real. Because this is a very generic name it is clearly fake. However, less experienced users may think that their own ISP sent this rather than a generic 'ISP'. Plus, the From address of an email is easily faked and should never be trusted.
From IP Address: 192.206.246.200
The IP address that sent an email cannot be faked. Had this email truly been from my ISP, it would have been within an IP range owned by my ISP. I just looked up the geographic location of this IP and it returned that it is from the 'CARROLLTON-FARMERS BRANCH INDEPENDENT SCHOOL DIST'. In other words, it's a school in Texas somewhere. I live in Florida. My ISP is not a school in Texas! This email likely came from a 'zombie' computer in a grade school district in Texas somewhere.
'Consorcium'
Misspellings are often a sign of scam emails. The misspelled word 'Consorcium' in the email is a blatant sign that this email is fake. The correct spelling is 'consortium', by the way, as any spell-checker will tell you.
Scare Tactics
This message is clearly meant to try to scare you. It accuses you of engaging in illegal activity on the Internet. It basically threatens you to open the attached file or you will lose your Internet access. Suddenly you are afraid of not only losing your Internet access but of going to jail! A true email on this subject would likely be much more polite.
Zip file attachments
Any time I see an attachment that is a ZIP or an EXE I instantly get very suspicious. This attachment is usually the malware program. You unzip the attachment, run the EXE inside and your computer is infected. I downloaded this attachment (very carefully) and viewed the contents. It contains a file named 'user-EA3911X-activities.exe'. Clearly this is not a record of your 'violations'. If it were, it would likely be in a text file or a Word document or something similar. An EXE means this is a program. Were you to run this program it would likely infect your computer. However, when I attempted to extract this program so I could scan it with my virus checker to see what kind of virus/malware it is, my unzip program reported that the zip file was corrupt! These stupid malware people can't even send a valid zip file!
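As an added example (not part of the original post), the following Python script automates two of the checks above: whether the relay IP recorded in the Received header falls inside the ISP's address ranges, and whether a ZIP attachment lists an executable or is corrupt, without extracting anything. The function names, the `ISP_NETS` range (a documentation placeholder) and the sample message are assumptions constructed for illustration.

```python
import io, ipaddress, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXT = (".exe", ".scr", ".com", ".pif", ".bat")
# Assumption: placeholder range standing in for your real ISP's mail servers.
ISP_NETS = [ipaddress.ip_network("203.0.113.0/24")]

def relay_ip(msg):
    """IP from the topmost Received header, the one your own mail server added."""
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", msg.get("Received", ""))
    return ipaddress.ip_address(m.group(1)) if m else None

def zip_findings(data):
    """Read member names only; nothing is extracted or executed."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return ["corrupt zip attachment"]
    return [f"executable inside zip: {n}" for n in names
            if n.lower().endswith(RISKY_EXT)]

def triage(raw):
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    ip = relay_ip(msg)
    if ip is None or not any(ip in net for net in ISP_NETS):
        findings.append(f"relay {ip} is outside the ISP's ranges")
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith(".zip"):
            findings += zip_findings(part.get_payload(decode=True))
    return findings

def build_sample(corrupt=False):
    """Constructed message modelled on the headers quoted in the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("user-EA3911X-activities.exe", b"constructed placeholder bytes")
    data = buf.getvalue()[:40] if corrupt else buf.getvalue()
    m = EmailMessage()
    m["Received"] = "from isp.com (unknown [192.206.246.200])"
    m.set_content("Dear Sir! ...")
    m.add_attachment(data, maintype="application", subtype="zip",
                     filename="user-EA3911X-activities.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print("\n".join(triage(build_sample())))
```

A corrupt archive is reported as a finding in its own right rather than skipped, since a mail filter that ignores unreadable attachments would let them through unflagged.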
Another version currently being distributed poses as a threatening "complaint" email accusing the recipient of sending emails containing viruses and instructs him or her to open an attachment supposedly containing email log files. Like the "Internet Service Provider Consorcium" variant discussed here, the emails carry .zip file attachments containing malware.
Internet users should always be very cautious of opening attachments that arrive with unsolicited emails. Do not be panicked by threatening complaints or false accusations into opening attachments without due care and attention.