Topic awaiting preservation: Virus warning

I was reading another forum and a couple of people there had receive official looking letters saying that their servers were generating spam and there are attached instructions to keep their computers safe. The email says the attachement is password protected for security.

The attachment contains a virus to send other e-mails like this one. Don't open it.

Thought you would want to know about this.


Here is an example of the kind of letter sent:

quote:

---

Dear user of "Mydomain.com" mailing system,

Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.

Please, read the attach for further details.

For security purposes the attached file is password protected. Password is "05706".

Sincerely,
The Mydomain.com team http://www.mydomain.com

---

-- not necessarily stoned... just beautiful.

That one almost got me the other day. I was within pixels of clicking on the "Ok" button to open the .zip file when I thought twice about it and contact my ISP. They confirmed it was a hoax and virus.

What caught my attention was that it really didn't look like something that would come from Time Warner Cable, my ISP, also a HUGE corporation into sending nice, professional looking HTML messages for everything... It just didn't look believable.

Them virus makers are gettin' sneakier, but they didn't catch me this time!




Cell 617

Yeah good warning.

I got this from "support@bitdamaged.com" which gave me a WTF?? There IS no support at bitdamaged.com it's my damn domain!



.:[ Never resist a perfect moment ]:.

How many more faked messages people need to receive to learn how to avoid them?

This one got me. It used support@tamu.edu or something like that. tamu.edu is my University's domain so I guessed it was ok until my firewall told me it wanted to act as its own email server. heh, nope. Virus scan picked it up. Yea for ZoneAlarm.

---------------------------------------
www.bonfirecoalition.com.
---------------------------------------

I just received an email from support@videotron.ca (my ISP). The file had a virus attached to it.
We were also infected at work last week with mydoom. the attachments came in many flavours.
for example, you would see a word document (complete with word icon) and it was actually the mydoom virus.
If you saved the attachment to a folder and stretched out the file name column you would see it was an exe disguised as a doc by padding the file name with dozens of spaces (these were not visible from outlook). for example: budget.doc <enter spaces here> .exe

edit. hmmm, looks like this server like to strip out extra spaces.

[This message has been edited by Shooting_Star (edited 03-10-2004).]

it will unless you do the (and)nbsp; deal about a million times.

        foo


[antique sigs are us]

[This message has been edited by eyezaer (edited 03-10-2004).]

Look at the header before opening any suspicious mail to see where it's truly coming from.

In Outlook you can do this by right clicking the mail in your inbox and choosing "options" from the popup context menu. I'm sure other mail programs have this capability as well, it's pretty basic, try the View menu in your client if it's not available in a context menu.

I have had about a month go by with various computer issues (new computer, mving computers around the house, transferring files and the like) during which my 'catch-all' email account on my domain was not being checked.

I opened it up last night to find 884 emails from the various worms that have come out over the last few weeks.

Many of the 'from' addresses were various names @my domain, about 50 or so were even my own email address. There were also a lot of 'whoever' @cnn.com, and a lot of "support" @ wherever, and a lot from my cable company.

The subject lines were mostly "hi" "hello" "test" "server stats" or "undeliverable mail" (along with plenty that were plain gibberish).

all of them had absurd body text, and all of them had either a .zip, .pif, or .htc attached.

Amazing...

Of course, as has been said, if "support" @ anywhere is sending you zipped files.....don't beleive it. =)

quote:

---

during which my 'catch-all' email account on my domain was not being checked

---

I strongly suggest disabling the catch-all feature from your account. Nowadays, because of spamming, it's not anymore useful to have it. You'll probably get one valid message (someone trustful trying to reach you with a non-existent address in your account) for every one million bad ones (spams). Setup individual addresses, instead.

I have individual addresses as well, but I use addresses that aren't actually set up as accounts for various reasons.

On the whole, it's useful to have, and when I have my email client properly set up (as it is now that I am done with my other computer issues), the crap gets filtered out pretty effectively.

Info from Mcfee.

"A competition between computer-virus writers is
responsible for more than a dozen recent variants of the Mydoom, Netsky
and Bagle viruses in the past weeks".

~Sig coming soon~

I agree with DL and suspect I treat the catch all much the same. I have one or 2 real addresses then I use whatever@ for product registration and the like in order to filter things with Outlook rules down the line. The most effective filtering I've ever run across (I trust no automated spam filters, I'd rather delete mail myself if I don't want it).

dell@ - sony@ - etc etc get filtered to a "product info" folder
dreamhost@ - netsol@ - etc etc get filtered to a "web" folder
webspam@ - schmuru@ - (addresses that get posted on the web) - etc etc go to a "reveiw and most likely delete" folder

those all come through my cacth all then I'm able to filter based on the TO address. Also good for ascertaining who the scoundrel is that sold your address to the Viagra people

What I do is: catch all disabled, one real address for me (unfortunately too much known by now, due to bad management of it), one for my wife, one for all the rest. When this last one becomes too much known, I change it.

So does anybody got a solution if you are infected.
Any programs to dowonlad to fix the problem.

Thanks!
/OlssonE

http://housecall.antivirus.com is usally my quick fix online virus scan of choice - works only in IE, though. (it relies on ActiveX to scan your harddisk, I fear)