I received this e-mail today, with an attached file called “Readme.pif”.
Dear user, the management of Bergersen.net mailing system wants to let you know that,
Some of our clients complained about the spam (negative e-mail content)
outgoing from your e-mail account. Probably, you have been infected by
a proxy-relay trojan server. In order to keep your computer safe,
follow the instructions.
Pay attention on attached file.
Have a good day,
The Bergersen.net team http://www.bergersen.net
Of course, I AM the bergersen.net team – AND Norton had deleted the PIF file before it even appeared in my attach directory (not that I have ever opened a PIF file in my life, or would – for that matter).
Its interesting to see I am not alone in receiving a virus/trojan this way. Norwegian blogger Anders Jacobsen also received a similar (but not exact replicate) of the message today: Cheeky cheeky spammers (Anders Jacobsen’s blog)
It’s only kind of smart the virus, it works only for the US.
here when I receive it, it says that “the management of com.br mailing system”, because it is not supposed to handle the country suffix
They are doing an easy match to find the domain name. BUT its not right that it will only work for the US. While a few top level domains use “sub level domains” to distinguish between commercial, educational and government type sites, most don’t. (Like .no, .se, .dk, .de etc.)