<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
Hey,<br>
<br>
It doesn't seem to be targetted. It looks like your email was sucked
into a spamlist to send malware too. For malware researchers, the
sample can be obtained over here:
<a class="moz-txt-link-freetext" href="https://malwr.com/analysis/YjQ1Y2FjZTcxMTgxNDgwNmE4MWIyYjIzN2RjNWM1YTc/">https://malwr.com/analysis/YjQ1Y2FjZTcxMTgxNDgwNmE4MWIyYjIzN2RjNWM1YTc/</a><br>
<br>
Jurre<br>
<br>
On 02/03/2014 10:33 PM, phrag wrote:<br>
<span style="white-space: pre;">> FYI: Just got this to my Tor
relay mail address, with a zip file<br>
> attached extracting to a '.scr' win exe. Curiously routed via
a .gov.uk<br>
> mail relay...<br>
><br>
> GB03022014.scr: PE32 executable (GUI) Intel 80386, for MS
Windows<br>
><br>
> MD5: dba1e52929f6ca9d1a1bf87e4ff469cf GB2546241.zip<br>
> MD5: fb1141494829b144b0075035022cfbb9 GB03022014.scr<br>
><br>
> Samples available on request. Full mail headers attached.<br>
><br>
> ==========<br>
><br>
> From <a class="moz-txt-link-abbreviated" href="mailto:defeats871@richszabo.com">defeats871@richszabo.com</a> Mon Feb 03 14:06:39 2014<br>
> Return-path: <a class="moz-txt-link-rfc2396E" href="mailto:defeats871@richszabo.com"><defeats871@richszabo.com></a><br>
> Received: from [217.109.27.97] (helo=WNACDHPXR)<br>
> Received: from mail1.bemta14.messagelabs.com by
server.justinarcher.net<br>
> Received: from gateway-102.energis.gsi.gov.uk (HELO<br>
> mx.hosting-w.gsi.gov.uk) (62.25.106.208) by<br>
> server-10.tower-205.messagelabs.com<br>
> X-Env-Sender: <a class="moz-txt-link-abbreviated" href="mailto:gateway.confirmation@gateway.gov.uk">gateway.confirmation@gateway.gov.uk</a><br>
><br>
> From: <a class="moz-txt-link-rfc2396E" href="mailto:gateway.confirmation@gateway.gov.uk"><gateway.confirmation@gateway.gov.uk></a><br>
> To: <a class="moz-txt-link-rfc2396E" href="mailto:tor@phra.gs"><tor@phra.gs></a><br>
> Subject: Your Online Submission for Reference 485/GB2546241
Could not<br>
> process<br>
> Date: Mon, 3 Feb 2014 22:16:02 +0100<br>
><br>
> The submission for reference 485/GB2546241 was successfully
received and<br>
> was not processed.<br>
> Check attached copy for more information.<br>
> This is an automatically generated email. Please do not reply
as the<br>
> email address is not monitored for received mail.<br>
><br>
> ==========<br>
><br>
><br>
> _______________________________________________<br>
> tor-relays mailing list<br>
> <a class="moz-txt-link-abbreviated" href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.org</a><br>
>
<a class="moz-txt-link-freetext" href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a></span><br>
<br>
<br>
- -- <br>
Developer at <a class="moz-txt-link-freetext" href="https://www.useotrproject.org/">https://www.useotrproject.org/</a><br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v1.4.12 (GNU/Linux)<br>
<br>
iQEcBAEBAgAGBQJS8BI/AAoJELc5KWfqgB0CQKAIAJxDYAzGZoZ17ijKoLWwfcvA<br>
WaemQ3x9prjx5EU8cNwT2KWnnAX3kVqipDy4nxifKTg0Z6n6iPXZxG4MmEiYCo4+<br>
i6Y2LuqY1MMxSKCB9LEDVbs7aAeTStO26kOVxxk1hV7pcyIppJAM8P7loaYkjaVy<br>
7BY7IeqUMvwCZ98EqI13MzuRTC/Hu1+lMsgya8uDyl7FB2v1ZHzIYBG1RrcwzYKu<br>
5AfhWIBqQTcoKf+8ENpHm2BbUWChuQvqQfmFAieugp4i6xdsaHm8X0xc8UO+qtwK<br>
VO5Q73su/kmzlogbbrdt9BsN5xMCNU9qbWhaeFX3Vc5R0DSNPs4I/jmkF+PYpxA=<br>
=1Th7<br>
-----END PGP SIGNATURE-----<br>
<br>
</body>
</html>