Last Updated: 2010-07-03 22:35:44 UTC
by Deborah Hale (Version: 1)
This morning in my abuse@ inbox I had an email that appeared to come from one of my users. It appeared to be the typical Delivery Status Notification Failure.
As the mail admin and abuse coordinator for a small ISP it is not unusual for the customers to forward these notices to me with a request to determine why
they can't email.
As I have done a few hundred times in the past I right-clicked on the failure notice to look at the reason given by the NDR. Imagine my shock when my
computer immediately began running Java. I immediately killed the process and booted my computer into safe mode so that I could try to determine
just exactly what had happened. As soon as the laptop booted up my AV and Windows Defender both reported that I had Trojan.bredo. I ran my cleanup
and researched the characteristics of this Trojan and the files that are altered. About 2 hours later it appears that I was able to recover from this attempt
to infect my computer.
I just wanted to give you a heads up. It looks like the scumbags are now using NDR and Failure reports to attempt to further their malicious activity.
Deb Hale Long Lines, LLC