On Mon, 03 Feb 2014 22:33:05 +0100 phrag phrag@phra.gs allegedly wrote:
> FYI: Just got this to my Tor relay mail address, with a zip file attached extracting to a '.scr' win exe. Curiously routed via a .gov.uk mail relay...
> GB03022014.scr: PE32 executable (GUI) Intel 80386, for MS Windows
I don't think there is anything sinister about this. Yesterday, an old friend of mine sent me the same details relating to an attack he had seen (completely unrelated to Tor). The attachments he sent me were confirmed by VirusTotal as containing the Zeus trojan - usually used in theft of banking credentials.
The fact that the attack appears to come from UK GSI email servers is odd, but since the NHS website was compromised yesterday (1), I speculate it may be related - i.e. somebody may be taking a swipe at UK Gov services for reasons which escape me....
(1) http://www.theregister.co.uk/2014/02/03/nhs_choices_website_serves_up_100s_o...
Mick

---------------------------------------------------------------------
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
http://baldric.net
---------------------------------------------------------------------