Warning by Rossi: malware in Fabio Penon pretended attachment

  • From JoNP by Andrea Rossi


    if you want to help the community, send it to
    https://www.virustotal.com/



    that is their job


    Don't read it on a (non-throwable) computer even if it is said to be safe.


    Anyway, did someone receive such an e-mail? What was the detected malware?

  • This is the text part of the email itself. I do not have the attachment.


    Dear All:
    The same source from North Carolina is sending to my contacts an email signed "Fabio Penon"
    The email comes from mariano.talleresarenal and obviously is a fake; it contains an attachment that, if opened, makes your computer hacked.
    Please delete from your computer this message immediately as you receive it.
    Please inform your contacts about this.
    Warmest Regards,
    Andrea

  • Timar wrote:
    It probably contains the leaked ERV report and Rossi doesn't want us to read it


    Perhaps someone will take a hit for the team and open it up, which would require ignoring Rossi's magnanimous wishes to help prevent us from picking up a computer virus.


    Not advisable if you don't know what you are doing. I have no problem looking at any mail, but would not use my email program to do it. I'd use a simple text editor on the mailbox file. Alan sent an unclear message here, reporting a message with no attachment that was the message from Rossi. What? Rossi's warning was hysterical, not skillful. No details. Email headers, for example, tell quite a story, but are safe. That's what I'd pull up with a text editor.

  • Alan sent an unclear message here, reporting a message with no attachment that was the message from Rossi.


    There was nothing unclear about it at all, my message simply contained a pasted copy of Rossi's email about the rogue attachment. It (obviously) would not be sensible for Rossi - or anyone - to forward the attachment itself. As for the email header, it was not included in full, just the truncated version you see. How would another 20 paragraphs from me shed any more light on the content?

  • Abd Ul-Rahman Lomax wrote:
    Alan sent an unclear message here, reporting a message with no attachment that was the message from Rossi.



    There was nothing unclear about it at all, my message simply contained a pasted copy of Rossi's email about the rogue attachment. It (obviously) would not be sensible for Rossi - or anyone - to forward the attachment itself. As for the email header, it was not included in full, just the truncated version you see. How would another 20 paragraphs from me shed any more light on the content?

    You have now explained what your post was. Believe it or not, it wasn't clear. Rossi's announcement was about an "email." You put up "the email." But it was not the email Rossi was warning about, it was Rossi's warning itself. Did you receive his warning as an email, presumably from him?

  • Barty. The thread title is 'Warning by Rossi: malware etc. etc.', and the first post is about the 'warning by Rossi'... The email I pasted in was that very warning. Not signed by Penon. How confusing is that, especially as we are still on page 1? For someone with a fine legal mind I would have thought 'not at all'.

  • Abd, believe me, if you read the contents of that email and look at the signature appended to it, the who why and how of it is entirely clear.


    Alan, you still are not clear. You received an email? Nobody other than you, and Rossi, has reported receiving an email, and this thread was started about an "email." You then put up "the email." So what would be a normal reading?


    Emails come with headers that indicate the source and transmission history of the mail. Rossi's announcement on JONP, which is what this thread is about, used the term "signature" to refer to the From Header, probably.


    Here is the original announcement, URL http://www.journal-of-nuclear-physics.com/?p=892&cpage=175#comment-1240058



    What you posted was this:


    From your clarification, your introductory sentence was misleading, as I wrote above. This was not "the email" under discussion, but rather a warning from Rossi, probably sent to "his contacts."


    What Rossi may not have realized is that if this is true, his own email has probably been hacked. Otherwise how would the sender know who his contacts are? Maybe they guessed, but he should definitely take major security precautions.


    The limitation of the warning in the email to a specific source address would be next to useless, because such emails may appear to come from any address, and this can be varied with each and every mail.


    This was his earlier warning:



    Rossi seems naive here, though it's not actually clear. The From address might be genuine, if this is a very primitive attempt from some "imbecile." However, it could also be a spoofed address, intended to attack and discredit "south127". Notice that to read the "andrea rossi" signature, one must open the email (or at least a preview of it). Opening the attachment is typically a separate action.


    Assuming this is all genuine from Rossi, I hope the hacker gets whacked. In my view, this is a major offense, it is properly a felony, and these offenses cause enormous damage, in the billions of dollars in value. Even a small-scale attack, aimed at Rossi contacts, should be treated very seriously.


    If anyone has received such mails, simply deleting them is not a powerful response. Obviously, one would want to quarantine such and if one doesn't know how to do this, then deletion is simple. Not everyone is obligated to preserve evidence.


    One more point: Rossi talks about his "enemies." As to anyone of substance, this is very unlikely to come from them, because the risk would be very great. These things can be tracked down, server logs can be subpoenaed, etc. If this is pursued, the malefactor can be identified, very likely, unless he is very sophisticated.
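
An added example, not part of any post in this thread: the header reading discussed above (source, transmission history, a From address that may not match the real sender) done on the raw message text with Python's standard `email` module, listing attachment names without ever decoding their contents. The sample message, its addresses and the `RISKY_EXT` list are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample message; every name and address here is made up.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbox.recipient.example; Tue, 01 Mar 2016 10:00:05 +0000
Received: from unknown (host.example.net [198.51.100.7])
\tby mx.recipient.example; Tue, 01 Mar 2016 10:00:02 +0000
From: Some Colleague <someone@sender.example.org>
To: reader@recipient.example
Subject: report
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attached
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="report.pdf.exe"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

RISKY_EXT = (".exe", ".scr", ".js", ".vbs")  # illustrative, not exhaustive

def domain(value):
    """Domain part of the address in a header value ('' if none)."""
    return parseaddr(str(value or ""))[1].rpartition("@")[2].lower()

def triage(raw):
    """Summarise headers and attachment metadata; payloads are never decoded."""
    msg = message_from_string(raw, policy=policy.default)
    # Each relay prepends its Received line, so reverse for transit order.
    hops = [" ".join(str(h).split()) for h in msg.get_all("Received", [])][::-1]
    files = [(p.get_filename(), p.get_content_type(),
              p.get_filename().lower().endswith(RISKY_EXT))
             for p in msg.walk() if p.get_filename()]
    frm, env = domain(msg["From"]), domain(msg["Return-Path"])
    return {"from_domain": frm, "envelope_domain": env,
            "mismatch": frm != env, "hops": hops, "attachments": files}

if __name__ == "__main__":
    for key, val in triage(RAW).items():
        print(key, "=", val)
```

A From/Return-Path mismatch is a cue rather than proof, since mailing lists and bulk senders differ legitimately. Only the topmost Received line, written by your own mail server, is trustworthy; everything below it can be forged by the sender.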