I got a pretty good-looking “LJ Support” email claiming my password had been changed and that my new one was attached. Since it was an obvious phish I went through the headers. They appear to have managed to bounce it off LJ’s mail server somehow, although it originates at someone’s cable modem.
In any case the “attachment” is the usual trojan horse in a zip file that will no doubt do something ugly to your Windows machine.
Don’t touch it; it’s evil.
Be My Blog 
I don’t mean to be dense, but can opening a zip file hurt you these days? I’ve always been mildly curious to check the contents to see exactly how stupid they think I am, but never bothered taking the extra step of downloading the attachment from my mailserver, much less opening it.
LikeLike
I’m not a Windows guru, but I think it exploits some vulnerability if you have winzip set to install things. When I unzip it on my mac, it creates a file that has a load of escapes in its name and a .pif extension, probably causing some crap you don’t need in your life to get installed.
It looked ugly enough that I’m sure at least on some systems it automatically ruins your life.
LikeLike
I’m guessing they sent it to your @livejournal.com address (without or without a forged From address) to get it to bounce through the LJ servers.
LikeLike