[time-nuts] From the Admins: Forged time-nuts messages

[John Ackermann N8UR]

Several time-nuts subscribers have recently reported that they've 
received malicious email messages claiming to be from the time-nuts list 
or from known members of the list.  At first glance, the messages might 
appear legitimate because they include text taken from old time-nuts 
postings.  But their real purpose is to deliver an attachment containing 
malicious code intended to infect your computer.

These messages were not sent through the time-nuts list.  A hacker got 
access to a time-nuts subscriber's personal address book or maybe they 
scanned the public time-nuts archives.  They used that information to 
forge messages to look as though they came from the list.

In these recent messages the forgeries aren't particularly good; while 
the "From" header says "Time nuts" the email address in brackets 
following the name is obviously not from the mailing list (for example 
"From: Time nuts <badguy at hacker.com>"). Sometimes, though, the forgeries 
are much better, and can be very difficult to spot.

Unfortunately, there's not much that can be done about malicious email 
like this.  The messages don't go through our server so we can't block 
them.  Spam filters are good, but not perfect, and tricks like including 
seemingly real text in the message can fool them into accepting a 
dangerous message.

Our advice is to be vigilant: Never open attachments, or click links, in 
an email that you haven't verified is real.  Look at the headers and 
body of any suspicious message; the clues are often fairly obvious. 
Don't forward suspicious messages as that may spread the malware.

Further discussion is welcome at the time nuts support email address: 
time-nuts-owner at lists.febo.com; to help keep the main 
time-nuts at lists.febo.com address as on-topic as possible, please don't 
follow-up here.

Thanks,
The Time-Nuts Admins