general warning about LJ phishing email

I got a pretty good-looking “LJ Support” email claiming my password had been changed and that my new one was attached. Since it was an obvious phish I went through the headers. They appear to have managed to bounce it off LJ’s mail server somehow, although it originates at someone’s cable modem.

In any case the “attachment” is the usual trojan horse in a zip file that will no doubt do something ugly to your Windows machine.

Don’t touch it; it’s evil.

3 thoughts on “general warning about LJ phishing email

  1. I don’t mean to be dense, but can opening a zip file hurt you these days? I’ve always been mildly curious to check the contents to see exactly how stupid they think I am, but never bothered taking the extra step of downloading the attachment from my mailserver, much less opening it.

    1. I’m not a Windows guru, but I think it exploits some vulnerability if you have winzip set to install things. When I unzip it on my mac, it creates a file that has a load of escapes in its name and a .pif extension, probably causing some crap you don’t need in your life to get installed.
      It looked ugly enough that I’m sure at least on some systems it automatically ruins your life.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.