This post originated from an RSS feed registered with Ruby Buzz by James Britt. Original Post: Virus Attack by way of Ruby-lang.org Spoof Feed Title: James Britt: Ruby Development Feed URL: http://feeds.feedburner.com/JamesBritt-Home Feed Description: James Britt: Playing with better toys Latest Ruby Buzz Posts Latest Ruby Buzz Posts by James Britt Latest Posts From James Britt: Ruby Development

I happen to have an E-mail account with ruby-lang.org. There's a geek coolness factor in that, but as a practical matter I tend to stick to using addresses directly related to other domains. So I was quite surprised to see E-mail arrive on that account, and extra surprised when the first message told me I had successfully updated the password of my Ruby-lang account. And the second message then said my account was suspended due to a security issue.

But there were some signs that this was not quite on the level. The first message had a gibberish subject line. And both messages included zip file attachments. The zip files contained, Surprise!, executables.

Actually, one had an executable, with a laughable attempt to obscure the .exe file extension; the other had a .scr file, equally poorly disguised.

I've brought this to the attention of folks at ruby-lang.org, but if you've an account there, take notice.