Someone is getting tricky with viruses

Geri Comstock
Posts: 340
Joined: Mon Mar 10, 2003 4:16 pm
Location: Northern CA
Contact:

Someone is getting tricky with viruses

Post by Geri Comstock »

Someone is getting very tricky with viruses. Here's the scam and a warning...

I just got an email message from management@comstockartglass.com saying that they were warning me that my system might have been infected with viruses and I should click on a file attached to the message to read an explanation of how to get rid of the viruses. Yeah, right.

It looked very official and it would have been tempting to open the attachment. However, since I own the domain and email addys for comstockartglass.com, I KNOW for certain that there's no user called "management" and I know I didn't send this message to myself since my husband and I manage the site. I'd guess that the file contained viruses...


Be careful if you get an official looking message like this with an attachment. The virus spreaders are getting smarter about trying to figure out ways to get people to open attachments...

Geri
Brad Walker
Site Admin
Posts: 1489
Joined: Fri Mar 07, 2003 9:33 pm
Location: North Carolina, USA
Contact:

Post by Brad Walker »

There are actually three or four versions of this one, one of which warns you that due to spam and viruses coming from your account it will be suspended unless you click on the attachment. They even give you a password to use.

Like you, I almost clicked on one of these until I realized that administration@warmglass.com was me!
Barbara Muth
Posts: 382
Joined: Sun Mar 09, 2003 8:10 pm
Location: Washington DC Metropolitan Area
Contact:

Post by Barbara Muth »

This week at work I received an email with the from address being our IS department. They routinely quarantine all email coming in with viruses attached. This email told me that it was now safe to open the attached document (an .exe file from someone I don't know). For some crazy reason I checked with IS. They had not sent me that email and the file was infected with a new virus that had not made it into our screener yet. It looked so official! Thank goodness I didn't open it.

Barbara
dee
Posts: 302
Joined: Tue Mar 11, 2003 5:20 pm
Location: Atlanta GA
Contact:

Re: Someone is getting tricky with viruses

Post by dee »

Geri Comstock wrote:
Someone is getting very tricky with viruses. Here's the scam and a warning...

I just got an email message from management@comstockartglass.com saying that they were warning me that my system might have been infected with viruses and I should click on a file attached to the message to read an explanation of how to get rid of the viruses. Yeah, right.

It looked very official and it would have been tempting to open the attachment. However, since I own the domain and email addys for comstockartglass.com, I KNOW for certain that there's no user called "management" and I know I didn't send this message to myself since my husband and I manage the site. I'd guess that the file contained viruses...


Be careful if you get an official looking message like this with an attachment. The virus spreaders are getting smarter about trying to figure out ways to get people to open attachments...

Geri
There are some new viruses coming in with an email addy like the one you received that are in encrypted zip files, and they provide a password to unzip the file - DO NOT open these zip files and use the password....

This is from my husband's company:
Please be aware that the new Bagle worm variants (and this will be a trend likely to continue in other worms) use two alarming techniques that add to the FUD (Fear, Uncertainty, Doubt) and try to trick users into getting infected. Additionally, these worms use a technique to evade gateway and mail-server scanning.

The first point is that messages that may appear to be from ca.com e-mail addresses (including staff@ca.com and other "plausible" addresses) and even mention ca.com in the body will implore users to open the attachments (usually claiming to be related to the user's account getting disabled or to fix another problem with the user's account).

That e-mail will lack the branding normally associated with CA broadcast e-mails including our logos. This e-mail is not specifically targeting CA.com; it changes the domain from ca.com when it is being sent to other recipients (for example, aol.com for aol users...)

The e-mail attachment is a password protected Zip file. This will make it harder to scan at the gateway and exchange level. The password to the attached zip file is included in the e-mail body.

The good news is that once signatures are on the local system, the dangerous code contained in the ZIP will be detected if it is accessed.

We are also working with eTrust development on solutions to this type of problem.

More info about these worms:

http://www3.ca.com/virusinfo/virus.aspx?ID=38480

and

http://www3.ca.com/virusinfo/virus.aspx?ID=38471

At this time we suggest users receiving these files simply delete them.
Dee Janssen
Unicorn's Creations Studio
http://ucjewelry.com
dee@ucjewelry.com
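
A gateway-side check for the pattern described in the notice quoted in the post above, as an added example that is not part of the thread or any vendor's code: it flags a message whose sender claims the recipient's own domain, that carries a ZIP with encrypted members, and whose body mentions a password. The addresses, file names and message are constructed, and the sample ZIP is a harmless archive with only its encryption flag bit set.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr


def encrypted_zip_members(blob):
    """Return names of ZIP members whose 'encrypted' flag (bit 0) is set."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & 0x1]
    except zipfile.BadZipFile:
        return []  # not a ZIP archive, nothing to report


def domain_of(header_value):
    """Lower-cased domain of the address in a From/To header ('' if none)."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()


def triage(raw):
    """Return the reasons a raw message matches the pattern in the notice."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if domain_of(msg["From"]) and domain_of(msg["From"]) == domain_of(msg["To"]):
        reasons.append("sender-claims-recipient-domain")
    for part in msg.iter_attachments():
        if encrypted_zip_members(part.get_payload(decode=True) or b""):
            reasons.append("encrypted-zip-attachment")
            break
    body = msg.get_body(preferencelist=("plain",))
    if body and re.search(r"\bpassword\b", body.get_content(), re.I):
        reasons.append("password-in-body")
    return reasons


def constructed_sample():
    """Constructed test message; the ZIP holds plain text, flag bit patched."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed placeholder")
    data = bytearray(buf.getvalue())
    data[data.rfind(b"PK\x01\x02") + 8] |= 0x01  # central-directory flags
    msg = EmailMessage()
    msg["From"], msg["To"] = "staff@example.com", "user@example.com"
    msg["Subject"] = "Account notice"
    msg.set_content("See the attached file. The password is 12345.")
    msg.add_attachment(bytes(data), maintype="application",
                       subtype="zip", filename="info.zip")
    return msg.as_bytes()
```

Any one reason alone is weak evidence; the three together are the combination the notice describes, and a gateway would typically quarantine on that combination rather than on the encrypted ZIP alone.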
Chip
Posts: 104
Joined: Sun Aug 24, 2003 6:24 pm
Location: Manchester, CT
Contact:

Post by Chip »

There's also a technique called a bounce back virus. There are bots out there that go around and harvest email addresses from the web. Then they send an email to a known bad email address using the addresses they harvested. For instance, my email is chipe@pobox.com. They send an email using my address as the originating email address, and this email of course is loaded with a virus. They send this email to a known bogus email address, and it bounces back to me! I say, "hmmmm, I don't remember sending that email" and notice there's an attachment saying "message" or "bounced text". And if I click on it BLAM, a virus is set loose.

Insidious!

1. Never open any email when you don't personally know the sender.
2. Never open any email when you do know the sender but didn't expect an attachment.
3. Never open an email with an attachment, period. Save the attachment, scan it with an anti-virus program, and then open it.
4. Use a white-list spam blocker. That way only email from known email addresses is allowed to get in to your inbox. Qurb is the highest rated one out there right now. Sure you have to check once in a while, but it's worth it.
5. GET AND KEEP UPDATED AN ANTI-VIRUS PROGRAM THAT WILL SCAN YOUR INCOMING AND OUTGOING EMAIL.
Chip
Micah 6.8
Terry Ow-Wing
Posts: 124
Joined: Sun Mar 09, 2003 3:21 pm
Location: San Francisco, Ca.
Contact:

Post by Terry Ow-Wing »

Now I know what has happened. I was puzzled since I do keep my virus program up to date. My husband even got an official looking one from our bank! (asking for account info of course!) I get stuff from "microsoft" all the time but my virus program always finds them - so far......

:roll:


[quote="Chip"]There's also a technique called a bounce back virus. There are bots out there that go around and harvest email addresses from the web. Then they send an email to a known bad email address using the addresses they harvested. For instance, my email is chipe@pobox.com. They send an email using my address as the originating email address, and this email of course is loaded with a virus. They send this email to a known bogus email address, and it bounces back to me! I say, "hmmmm, I don't remember sending that email" and notice there's an attachment saying "message" or "bounced text". And if I click on it BLAM, a virus is set loose.

....
Terry Ow-Wing Designs
Kilnformed and Lampworked Glass Art
http://GlassArt.weebly.com
Nickie Jordan
Posts: 39
Joined: Mon Mar 10, 2003 12:16 pm
Location: Palmer, Alaska
Contact:

Post by Nickie Jordan »

My e-mail account provider has been shut down all day due to 'extreme virus activity'. This is a first.
Tony Serviente
Posts: 328
Joined: Thu May 29, 2003 11:48 am
Location: Ithaca,NY
Contact:

Post by Tony Serviente »

Chip's admonitions are right on. I have followed almost all of these and have been 99% virus free. The 1% involved my kids getting on before we had our birds, bees, and viruses talk. Only thing I don't use is a blocker. I have tried them, but found that business inquiries were often getting filtered. I just don't open attachments unless I know they are coming, and I often still scan them to be safe.
Nancy Juhasz
Posts: 113
Joined: Sun Mar 09, 2003 10:10 pm
Location: Ohio

Post by Nancy Juhasz »

Yup, got a message that was for real from my cable internet provider (small local company) telling me the 2 names that e-mail would be coming from. The very next day I got this very important e-mail from supposedly my cable telling me that the attachment contained pertinent information about a virus. I called the company; the answer was don't open it, not from us. You know if I hadn't gotten the first e-mail I would have been cleaning up yet another virus. LOL Nanc