Advertisers and others with email addresses in A.M. Costa Rica have been targeted by a spammer who sent out messages Sunday using the newspaper name.
The messages contained a zip file that most certainly holds a malicious program.
The newspaper has been under attack by spammers for the last three weeks. This is the first time that the spammers targeted advertisers. The email addresses appear to come from ads running in the newspaper.
The email originated at this address: firstname.lastname@example.org. The path of the fake message passes through the Google server and may have come from Coudersport, Pennsylvania, via a Times Warner Internet cable. The real origin is hard to pinpoint because the spammers sent the message through various servers, including one in Green Bay, Wisconsin.
The message was designed specifically for A.M. Costa Rica advertisers because it contained the newspaper’s street address.
The message said:
“Please see attached for an updated version of the Project sales report, which includes a merits & transaction page. If you have any questions, please feel free to ask.”
Although A.M. Costa Rica frequently sends out invoices in a .pdf attachment, it never sends zip files, and editors and other employees do not open zip files, regardless of the source.
Technicians at the A.M. Costa Rica server have said that there is no way to prevent such messages because they are sent from a computer outside the newspaper’s email system.
The IP address from which the message was sent shows up on some blacklists.