Alison wrote:
Petrusko:
Hey,
Here a copy of a mail containing an attached file logs_petrusko.zip containing .js sent to my mail address used for relays...
This file edit here : https://framabin.org/?0b8d246a55e76e07#deg6j9x5HjLbtOhY9rA6FIiINzthE0t+qfYUJ...
It smells like shit... I'm not 100% sure, but first time it happens on this mailbox. May be a new bot scanning relays informations...?
Take care.
ps: torrc contains this mail address obfuscated... not enough may be ?
Here is the mail (name changed...), :
Dear petrusko
We've been receiving spam mailout from your address recently. Contents and logging of such messages are in the attachment.
Please look into it and contact us.
Best Regards, Marian Henderson ISP Support Tel.: xxx
Hi Petrusko,
I got the same to this riseup account, which is not connected to a relay. So it may be targeting riseup users.
Alison
Hey Alison
I hope you did not open the attachments of that email in your work desktop. Attachments are generally bad and unsolicited attachments are every time bad, especially java, worksheets with macros enabled, plenty of others.
On the abuse handle registered with RIPE for IP addresses used on relays I get a lot of these emails, from fedex / dhl tracking packages for me, my accounting department, legal department, a lot of random companies sending me invoices, payment receipts, refunds, reports, etc etc - all fake and scammy. Such emails should be deleted directly, or if there's a chance for the email to be real open the attachment in a secure environment such as Qubes 'disposable vms' or a virtual machine built only for this, with no data and no other activity on it.