In the last six months, it seems the amount of malicious email I receive has increased quite a bit, and I’m afraid to open my email at times. These messages have attachments with zipped (compressed) payloads to infect my computer. I have a Linux computer I use to open these suspicious emails; Linux is a safer operating system than Microsoft Windows. There is also Comodo Antivirus on this computer.

One email message this week was from a normal-sounding person, Jacklyn Strickland, with a title about my “order status”. I examined the sender’s email address and it was from an Australian domain. I’ve never ordered anything from Australia that I know of. The message’s sender address could be spoofed, and sometimes examining the complete header and source of the email reveals the real originating address. Once I did this, I found an IP address in the header and ran the Linux whois command on it. This came back to a Guadalajara, Mexico domain, so I know something’s wrong. I expanded the attachment and found three files: two JavaScript files and one called bootloader. A legitimate email would not have sent me a compressed JavaScript file; it would have been a PDF file or a text file. My antivirus program didn’t find anything malicious in the JavaScript, but it was still suspicious.
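The header check described above can be scripted. The following is an added example, not code from the original post: it walks the `Received` chain of a raw message and separates the address recorded by the recipient's own mail servers from addresses written by servers further down, which a sender can forge. The sample message, host names and the `trusted_hosts` parameter are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: reserved .example names and documentation IP ranges.
RAW = """\
Received: from mx.recipient.example (10.0.0.5) by mailstore.recipient.example;
 Tue, 02 Jan 2024 10:00:03 +0000
Received: from relay.sender.example (relay.sender.example [203.0.113.45])
 by mx.recipient.example; Tue, 02 Jan 2024 10:00:02 +0000
Received: from [192.168.1.23] (unknown [198.51.100.7])
 by relay.sender.example; Tue, 02 Jan 2024 10:00:01 +0000
From: "Sample Sender" <orders@shop.example>
To: me@recipient.example
Subject: Order status

See attachment.
"""
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_public(text):
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:          # e.g. 999.1.1.1 matched by the loose regex
        return False
    return not any(addr in net for net in INTERNAL)

def hops(raw):
    """Return (by_host, public_ips) for each Received header, newest first."""
    result = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())              # unfold continuation lines
        from_part, _, by_part = flat.partition(" by ")
        by_host = (by_part.split(";")[0].split() or [""])[0]
        result.append((by_host, [ip for ip in IPV4.findall(from_part) if is_public(ip)]))
    return result

def trace(raw, trusted_hosts):
    """Return (IP recorded by our own servers, IP claimed further down the chain)."""
    verified = claimed = None
    in_trusted_run = True       # headers are only reliable until the first foreign hop
    for by_host, ips in hops(raw):
        in_trusted_run = in_trusted_run and by_host in trusted_hosts
        if ips and in_trusted_run:
            verified = ips[-1]
        elif ips:
            claimed = ips[-1]
    return verified, claimed
```

The first value returned by `trace` is the address worth running `whois` on, since a server you trust recorded it; the second is only what the sending side claims.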
