I had an “interesting” bit of crap email this morning. I’m not sure that thieving threatening bastard email counts as “spam”, so I’ll continue to call it crap.
Basically, it’s a poorly spelled email that threatens me to stop downloading illegally copied copyright material from the web or else their “organisation”, ICS, will get me disconnected!
The mail has an attachment, a zip file, which contains an executable, which contains a Trojan which my NOD32 identifies as Win32/Spy.Goldun.NDJ trojan. I haven’t checked to see what it does, but I can guess.
This is the email content as it appears after NOD32 has cleaned it.
Your internet access is going to get suspended
The Internet Service Provider Consorcium was made to protect the rights of software authors, artists.
We conduct regular wiretapping on our networks, to monitor criminal acts.
We are aware of your illegal activities on the internet wich were originating from
You can check the report of your activities in the past 6 month that we have attached. We strongly advise you to stop your activities regarding the illegal downloading of copyrighted material of your internet access will be suspended.
ICS Monitoring Team
__________ ESET NOD32 Antivirus warning, version of virus signature database 3444 (20080916) __________
Warning, ESET NOD32 Antivirus found the following threats in the message:
user-EA49943X-activities.zip – Win32/Spy.Goldun.NDJ trojan – deleted
user-EA49943X-activities.zip > ZIP > user-EA49943X-activities.exe – Win32/Spy.Goldun.NDJ trojan – was a part of the deleted object
You get a point for spotting every item of bad spelling, syntax and clumsy speech!