I think I’ve mentioned that I hate Windoze, and refuse to run it on any of my machines, except for rare, very brief occasions when I must do something for which I’m not smart enough to find a work-around.  Instead, I run ubuntu linux.

For those who do not know, linux is a free, open source operating system.  There are several different versions, called distributions.  Of those out there, I prefer ubuntu.  I’ll spare you the details, but it is immune to viruses.  Immune.  Completely.  Well, I guess you could install malicious software on your linux box, but regardless of how ignorant you may be, you’ll definitely know that you’re installing something.  Any software installations or changes to any configuration requires a password.

Anyway, if I had still been running Windows today, they would have gotten me.  I got an e-mail, addressed to me, and only me (multiple recipients, or undisclosed recipients are both immediate flags for virus/scam) from someone with the Recording Industry Association of America, informing me that my IP address has been identified as distributing copyrighted content.  An Internet traffic report was attached.

Why would I think that this might be legitimate?  Because I occasionally download (and reseed) files via bittorrent.  There are many files – software, videos, songs, etc., that are offered free, and I try to limit my activities to those.  However, I do not always take the time to make absolutely certain that everything that I download is indeed free to distribute – something that I think I will change in the future.  Anyway, I figured that I had fucked up somewhere, and was about to get spanked for it.

The attached report was a .zip file that supposedly contained the illicit details.  I uncompressed it, since I knew that doing so could not damage my computer (something that may have presented a risk on a Windows machine).  Well, it uncompressed to an executable (.exe) file.  At that point, I started to suspect that I had been had, but I have seen self-extracting data files that were in .exe format.  I haven’t seen many, but I’ve been running ubuntu almost exclusively for about six years now.  They may be unheard of now, or perhaps very common, I have no idea.  I attempted to read it, and the program told me that it was not a valid compressed file.

By then, I was pretty sure of what was going on, but me being me, I wanted to know what it was that they were trying to infect me with.  The file had already made it through my e-mail server’s virus filter, so it must be something really sneaky and/or something really new.

I ran a few checks on it, and eventually Jotti’s malware scan, which runs a single uploaded file through twenty different programs, identified it as the Heur Virus/Trojan, which seems to be a generic identification of a “possibly” malicious file.  Interestingly, only one of the twenty programs identified it.  Meaning that the other 19, as well as whatever my e-mail server uses, missed it.  So much for anti-virus software.  That one must pay to keep updated.  I love ubuntu.

I’m  going to assume that it is a hoax, and I’m not really in any trouble.  Clues I missed:

  1. It was sent to my yahoo e-mail address, not to my main ISP-based address, which is where it should have been sent had someone actually tracked down my IP address.
  2. The fonts were slightly different in the body of the e-mail vs. the signature part of the e-mail.  This can happen if someone changes their default message font but not the signature that is added to every e-mail, which is why I ignored it initially.
  3. The wording was slightly awkward.  Not 419-scam bad, but a little weird.
  4. There was no RIAA logo or symbol, just a text-based e-mail.
  5. The attachment was compressed (.zip) yet when unzipped was an executable.  If the .exe were really a self-extracting file, there would have been no need to zip it also.
  6. There are thousands of people sharing definitely copyrighted material at any given time.  My minimal activity would never have raised any flags, even if I had inadvertently downloaded and shared a copyrighted file.  Sure, Nanny .gov is probably watching me for a whole slew of reasons.  But, if they had identified something illegal, they would come after me themselves, instead of turning the matter over to a private company.  When was the last time .gov ever deferred to anyone?

Learn from my mistakes.  The sonsabitches are getting trickier.  Either that, or I’m getting dumber.

After writing this, but before proofreading it, I checked an old e-mail address that I seldom use.  In the spam folder, I found the exact same e-mail, except that this one was from a different person at RIAA and had multiple addressees.  Damn overreaching government – makes everyone paranoid that they’re doing something wrong without realizing it.

This entry was posted in Uncategorized. Bookmark the permalink.

2 Responses to Virusmongers

  1. 48colorrainbow says:

    I was one of several carbon copy recipients of that email a few days ago (which should have told me right then and there it was most likely a fake).

    • alaskan454 says:

      The multiple recipients is normally the first flag for me. The second is the poor English that the Nigerian cons usually contain. Somehow, I don’t think that either of us are in any trouble.

      Thanks for stopping by!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s