
Topic awaiting preservation: Virus warning

 
hyperbole
Paranoid (IV) Inmate

From: Madison, Indiana, USA
Insane since: Aug 2000

posted 03-09-2004 21:18

I was reading another forum and a couple of people there had received official-looking letters saying that their servers were generating spam and there are attached instructions to keep their computers safe. The email says the attachment is password protected for security.

The attachment contains a virus to send other e-mails like this one. Don't open it.

Thought you would want to know about this.


Here is an example of the kind of letter sent:

quote:
Dear user of "Mydomain.com" mailing system,

Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.

Please, read the attach for further details.

For security purposes the attached file is password protected. Password is "05706".

Sincerely,
The Mydomain.com team http://www.mydomain.com



-- not necessarily stoned... just beautiful.

bodhi23
Paranoid (IV) Inmate

From: Greensboro, NC USA
Insane since: Jun 2002

posted 03-09-2004 21:45

That one almost got me the other day. I was within pixels of clicking on the "Ok" button to open the .zip file when I thought twice about it and contacted my ISP. They confirmed it was a hoax and virus.

What caught my attention was that it really didn't look like something that would come from Time Warner Cable, my ISP, also a HUGE corporation into sending nice, professional looking HTML messages for everything... It just didn't look believable.

Them virus makers are gettin' sneakier, but they didn't catch me this time!




Cell 617

bitdamaged
Maniac (V) Mad Scientist

From: 100101010011 <-- right about here
Insane since: Mar 2000

posted 03-10-2004 00:42

Yeah good warning.

I got this from "support@bitdamaged.com" which gave me a WTF?? There IS no support at bitdamaged.com it's my damn domain!



.:[ Never resist a perfect moment ]:.

viol
Maniac (V) Inmate

From: Charles River
Insane since: May 2002

posted 03-10-2004 01:24

How many more faked messages do people need to receive to learn how to avoid them?

SPyX
Bipolar (III) Inmate

From: College Station, TX
Insane since: Aug 2002

posted 03-10-2004 01:38

This one got me. It used support@tamu.edu or something like that. tamu.edu is my University's domain so I guessed it was ok until my firewall told me it wanted to act as its own email server. heh, nope. Virus scan picked it up. Yea for ZoneAlarm.

---------------------------------------
www.bonfirecoalition.com.
---------------------------------------

Shooting_Star
Nervous Wreck (II) Inmate

From:
Insane since: Feb 2004

posted 03-10-2004 02:17

I just received an email from support@videotron.ca (my ISP). The file had a virus attached to it.
We were also infected at work last week with Mydoom. The attachments came in many flavours.
For example, you would see a Word document (complete with Word icon) and it was actually the Mydoom virus.
If you saved the attachment to a folder and stretched out the file name column you would see it was an exe disguised as a doc by padding the file name with dozens of spaces (these were not visible from Outlook). For example: budget.doc <enter spaces here> .exe

Edit: hmmm, looks like this server likes to strip out extra spaces.

[This message has been edited by Shooting_Star (edited 03-10-2004).]
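The padded-name disguise described in the post above can be caught at the mail gateway or in a triage script. The following is an added example, not part of the original thread; the extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Illustrative extension lists (assumptions, not exhaustive).
EXECUTABLE = {"exe", "pif", "scr", "com", "bat", "cmd", "vbs", "htc"}
DECOY = {"doc", "xls", "txt", "pdf", "jpg", "htm"}

def check_filename(name):
    """Return the reasons an attachment name looks disguised (empty if none)."""
    reasons = []
    # Whitespace runs (non-breaking spaces included) push the real extension
    # out of a narrow file-name column.
    if re.search(r"\s{3,}", name):
        reasons.append("whitespace-padding")
    parts = [p.strip().lower() for p in name.split(".")]
    if len(parts) > 1 and parts[-1] in EXECUTABLE:
        reasons.append("executable-extension")
        if any(p in DECOY for p in parts[1:-1]):
            reasons.append("decoy-extension")
    return reasons

def scan_message(raw):
    """Map each flagged attachment name in a raw message to its reasons."""
    findings = {}
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        reasons = check_filename(name) if name else []
        if reasons:
            findings[name] = reasons
    return findings

# Constructed sample message; the attachment body is a placeholder.
SAMPLE = (
    "From: support@mydomain.example\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="budget.doc{pad}.exe"\n'
    "\n"
    "placeholder\n"
    "--b1--\n"
).format(pad=" " * 40)

if __name__ == "__main__":
    for name, reasons in scan_message(SAMPLE).items():
        print(repr(name), reasons)
```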

eyezaer
Lunatic (VI) Mad Scientist

From: the Psychiatric Ward
Insane since: Sep 2000

posted 03-10-2004 03:03

it will unless you do the (and)nbsp; deal about a million times.

        foo


[antique sigs are us]

[This message has been edited by eyezaer (edited 03-10-2004).]

JKMabry
Maniac (V) Inmate

From: out of a sleepy funk
Insane since: Aug 2000

posted 03-10-2004 16:08

Look at the header before opening any suspicious mail to see where it's truly coming from.

In Outlook you can do this by right clicking the mail in your inbox and choosing "options" from the popup context menu. I'm sure other mail programs have this capability as well, it's pretty basic, try the View menu in your client if it's not available in a context menu.
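What to read in those headers, as an added example that is not part of the original post: the From line is whatever the sender typed, while the Received line written by your own mail server records the host that actually connected. The Postfix-style Received layout, the function name and all hostnames below are assumptions, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed Received layout (Postfix-style): from HELO (rdns [ip]) by host ...
RECEIVED = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)\s+by\s+(\S+)")

def handoff(raw, trusted_mx):
    """Return what trusted_mx logged about the host that handed it the message."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for value in msg.get_all("Received", []):          # newest hop first
        m = RECEIVED.search(" ".join(value.split()))   # unfold continuation lines
        if m and m.group(4).lower() == trusted_mx:
            helo, rdns, ip, _ = m.groups()
            rdns = rdns.lower()
            return {
                "claimed_domain": claimed,
                "helo": helo,
                "rdns": rdns,
                "ip": ip,
                # True only if the connecting host sits inside the From domain.
                "origin_matches_from": rdns == claimed
                or rdns.endswith("." + claimed),
            }
    return None  # no header written by the trusted server

# Constructed sample. The lower Received line was supplied by the sender and
# proves nothing; only the line written by mx.recipient.example is trusted.
SAMPLE = (
    "Received: from recipient.example (dsl-23.isp.example [198.51.100.23])\n"
    "\tby mx.recipient.example (Postfix) with ESMTP id 0000000000;\n"
    "\tTue, 9 Mar 2004 21:10:00 -0500\n"
    "Received: from mail.recipient.example (mail.recipient.example [192.0.2.1])\n"
    "\tby relay.recipient.example; Tue, 9 Mar 2004 21:09:00 -0500\n"
    "From: support@recipient.example\n"
    "To: user@recipient.example\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(handoff(SAMPLE, "mx.recipient.example"))
```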

DL-44
Maniac (V) Inmate

From: under the bed
Insane since: Feb 2000

posted 03-10-2004 18:21

I have had about a month go by with various computer issues (new computer, moving computers around the house, transferring files and the like) during which my 'catch-all' email account on my domain was not being checked.

I opened it up last night to find 884 emails from the various worms that have come out over the last few weeks.

Many of the 'from' addresses were various names @my domain, about 50 or so were even my own email address. There were also a lot of 'whoever' @cnn.com, and a lot of "support" @ wherever, and a lot from my cable company.

The subject lines were mostly "hi" "hello" "test" "server stats" or "undeliverable mail" (along with plenty that were plain gibberish).

All of them had absurd body text, and all of them had either a .zip, .pif, or .htc attached.

Amazing...

Of course, as has been said, if "support" @ anywhere is sending you zipped files.....don't believe it. =)



viol
Maniac (V) Inmate

From: Charles River
Insane since: May 2002

posted 03-10-2004 18:55
quote:
during which my 'catch-all' email account on my domain was not being checked


I strongly suggest disabling the catch-all feature from your account. Nowadays, because of spamming, it's not anymore useful to have it. You'll probably get one valid message (someone trustful trying to reach you with a non-existent address in your account) for every one million bad ones (spams). Set up individual addresses, instead.

DL-44
Maniac (V) Inmate

From: under the bed
Insane since: Feb 2000

posted 03-10-2004 20:18

I have individual addresses as well, but I use addresses that aren't actually set up as accounts for various reasons.

On the whole, it's useful to have, and when I have my email client properly set up (as it is now that I am done with my other computer issues), the crap gets filtered out pretty effectively.

binary
Bipolar (III) Inmate

From: Under the Bridge
Insane since: Nov 2002

posted 03-12-2004 12:45

Info from McAfee.

"A competition between computer-virus writers is responsible for more than a dozen recent variants of the Mydoom, Netsky and Bagle viruses in the past weeks".

~Sig coming soon~

JKMabry
Maniac (V) Inmate

From: out of a sleepy funk
Insane since: Aug 2000

posted 03-12-2004 18:52

I agree with DL and suspect I treat the catch all much the same. I have one or 2 real addresses then I use whatever@ for product registration and the like in order to filter things with Outlook rules down the line. The most effective filtering I've ever run across (I trust no automated spam filters, I'd rather delete mail myself if I don't want it).

dell@ - sony@ - etc etc get filtered to a "product info" folder
dreamhost@ - netsol@ - etc etc get filtered to a "web" folder
webspam@ - schmuru@ - (addresses that get posted on the web) - etc etc go to a "review and most likely delete" folder

Those all come through my catch-all, then I'm able to filter based on the TO address. Also good for ascertaining who the scoundrel is that sold your address to the Viagra people

viol
Maniac (V) Inmate

From: Charles River
Insane since: May 2002

posted 03-12-2004 21:25

What I do is: catch all disabled, one real address for me (unfortunately too much known by now, due to bad management of it), one for my wife, one for all the rest. When this last one becomes too much known, I change it.

OlssonE
Maniac (V) Inmate

From:  Eagleshieldsbay, Sweden
Insane since: Nov 2001

posted 03-28-2004 09:54

So has anybody got a solution if you are infected?
Any programs to download to fix the problem?

Thanks!
/OlssonE

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 03-28-2004 15:25

http://housecall.antivirus.com is usually my quick fix online virus scan of choice - works only in IE, though. (it relies on ActiveX to scan your harddisk, I fear)
