Forgotten, infected websites can haunt users with malware.
Last night, I received a malicious email. The problem is, it was sent to an account I use to register for websites and nothing else.
Over the years, I’ve signed up for hundreds of sites using this account, from news to garden centres. One of them has been compromised. The mere act of receiving the email immediately marked it out as dodgy.
The friendly, well-written message was a refreshing change from the usual approach, which most often demands immediate, unthinking action. The sender, however, could only call me “J” as he didn’t have my forename. The sender had attached a a protected file and supplied the password. It was a contract, he said, and he looked forward to hearing back from me.
The headers said the email came from a French telecoms company. Was someone on a spending spree with my money? My PayPal and bank accounts showed no withdrawals.
Curious about the payload, I spun up a suitably isolated Windows 10 victim system, and detonated the attachment. It had the cheek to complain about having no route to the outside world. I tried again, this time with an open internet connection. A randomly-named process quickly opened and closed, while the file reported a corruption. Maybe the victim system had the wrong version of Windows installed, or the wrong vulnerabilities exposed. Possibly my IP address was in the wrong territory. But more likely, the file spotted the monitoring software and aborted its run with a suitably misleading message.
Infected websites from history
Disappointed, after deleting the victim system I wondered which site out of hundreds could have been compromised. I’ll probably never know, but it does reveal a deeper worry about life online.
Over the years, we all sign up for plenty of sites about which we subsequently forget, and usually with whichever email address is most convenient. It’s surely only a matter of time before the bad guys hack old, forgotten sites that then return to haunt us with something more focused than malicious commodity spam. Especially if we’ve been silly enough to provide a full or real name and address.
Because of this, it pays to set up dedicated accounts for registrations, or use temporary addresses from places such as Guerrilla Mail.