On 24/04/2023 10:24 a.m., Niels Bakker wrote:
* na...@ve4.ca (Glen A. Pearce) [Mon 24 Apr 2023, 17:42 CEST]:
Well, I eventually had a friend open the attachment on his Linux machine
Not necessarily a safe idea:
https://www.welivesecurity.com/2023/04/20/linux-malware-strengthens-links-lazarus-3cx-supply-chain-attack/
(scroll down to
Well, I eventually had a friend open the attachment on his Linux machine
and once he confirmed it was safe to open and found there was nothing
in it other than the list of IP addresses, user names and time stamps, but
there were a whole bunch of addresses listed, I opened the attachment in
Notepad.
Hi,
Governmental services within DTAG (AS3320) IP space are pretty common in
Germany.
but FcrDNS matches. Scammers with access to the bka.de DNS?
Regards
Bjoern
Looks like a scam to me, we are based in Germany and from time to time we
are getting requests from BKA, all mails were originated from
"*@bka.bund.de", never heard about this "cyber.bka.de" domain.
Also I would expect something more like a specific criminal
investigation from the BKA instead of
Any security “authority” that sends a warning email that requires opening _any_
attachment doesn’t deserve to be taken seriously. This includes the MPAA et al.
Also, if they don’t send it to your registered abuse email, into the trash it
should go without a glance.
-mel beckman
On Apr 3,
It appears legit.
BKA.DE is the German Bundeskriminalamt (Federal Police)
And the PTR records, SPF etc check out for the domain.
Might as well check the IP in question for malware if they’ve provided date /
timestamps and such
--srs
From: NANOG on behalf of Glen A. Pearce
Date: Monday, 3
Hi All:
I received an E-mail with an attachment claiming something
on my network is infected and that I should look at the
attachment to find out what.
Normally I think everything with an attachment is phishing
to get me to run malware but:
#1: The sites linked to in it seem to be legit German