Someone is getting tricky with viruses - WarmGlass.com

Someone is getting tricky with viruses

This is the main board for discussing general techniques, tools, and processes for fusing, slumping, and related kiln-forming activities.

Moderators: Tony Smith, Brad Walker

Post Reply
Geri Comstock
Posts: 340
Joined: Mon Mar 10, 2003 4:16 pm
Location: Northern CA
Contact:

Someone is getting tricky with viruses

Postby Geri Comstock » Tue Mar 16, 2004 5:13 pm

Someone is getting very tricky with viruses. Here's the scam and a warning...

I just got an email message from management@comstockartglass.com saying that they were warning me that my system might have been infected with viruses and I should click on a file attached to the message to read an explanation of how to get rid of the virsuses. Yeah, right.

It looked very official and it would have been tempting to open the attachment. However, since I own the domain and email addys for comstockartglass.com, I KNOW for certain that there's no user called "management" and I know I didn't send this message to myself since my husband and I manage the site. I'd guess that the file contained viruses...


Be careful if you get an official looking message like this with an attachment. The virus spreaders are getting smarter about trying to figure out ways to get people to open attachments...

Geri

Brad Walker
Site Admin
Posts: 1363
Joined: Fri Mar 07, 2003 9:33 pm
Location: North Carolina, USA
Contact:

Postby Brad Walker » Tue Mar 16, 2004 5:43 pm

There are actually three or four versions of this one, one of which warns you that due to spam and viruses coming from your account it will be suspended unless you click on the attachment. They even give you a password to use.

Like you, I almost clicked on one of these until I realized that administration@warmglass.com was me!

Barbara Muth
Posts: 382
Joined: Sun Mar 09, 2003 8:10 pm
Location: Washington DC Metropolitan Area
Contact:

Postby Barbara Muth » Tue Mar 16, 2004 6:44 pm

This week at work I received an email with the from address being our IS deartment. They routinely quarantine all email coming in with viruses attached. This email told me that it was now safe to open the attached document (an .exe file from someone I don't know). For some crazy reason I checked with IS. They had not sent me that email and the file was infected with a new virus that had not made it into our screener yet. It looked so official! Thank goodness I didn't open it.

Barbara
Barbara
Check out the glass manufacturer's recommended firing schedules...
LATEST GLASS

dee
Posts: 302
Joined: Tue Mar 11, 2003 5:20 pm
Location: Atlanta GA
Contact:

Re: Someone is getting tricky with viruses

Postby dee » Tue Mar 16, 2004 7:23 pm

Geri Comstock wrote:Someone is getting very tricky with viruses. Here's the scam and a warning...

I just got an email message from management@comstockartglass.com saying that they were warning me that my system might have been infected with viruses and I should click on a file attached to the message to read an explanation of how to get rid of the virsuses. Yeah, right.

It looked very official and it would have been tempting to open the attachment. However, since I own the domain and email addys for comstockartglass.com, I KNOW for certain that there's no user called "management" and I know I didn't send this message to myself since my husband and I manage the site. I'd guess that the file contained viruses...


Be careful if you get an official looking message like this with an attachment. The virus spreaders are getting smarter about trying to figure out ways to get people to open attachments...

Geri


there's some new viri coming in with an email addy like the one you received that are in encrypted zip files and they provide a password to unzip the file - DO NOT open these zip files and use the password....

this is from my husband's company:
Please be aware that the new Bagle worm variants (and this will be a trend likely to continue in other worms) use two alarming techniques that add to the FUD (Fear, Uncertainty, Doubt) and try to trick users into getting infected. Additionally, these worms use a technique to evade gateway and mail-server scanning.



The first point is that messages that may appear to be from ca.com e-mail addresses (including staff@ca.com and other "plausible" addresses) and even mention ca.com in the body will implore users to open the attachments (usually claiming to be related to the user's account getting disabled or to fix another problem with the user's account).



That e-mail will lack the branding normally associated with CA broadcast e-mails including our logos. This e-mail is not specifically targeting CA.com, it changes the domain from ca.com when it is being sent to other recipients (for example, aol.com for aol users...)



The e-mail attachment is a password protected Zip file. This will make it harder to scan at the gateway and exchange level. The password to the attached zip file is included in the e-mail body.



The good news is that once signatures are on the local system, the dangerous code contained in the ZIP will be detected if it is accessed.

We are also working with eTrust development on solutions to this type of problem.



More info about these worms:



http://www3.ca.com/virusinfo/virus.aspx?ID=38480



and



http://www3.ca.com/virusinfo/virus.aspx?ID=38471



At this time we suggest users receiving these files simply delete them.
Dee Janssen
Unicorn's Creations Studio
http://ucjewelry.com
dee@ucjewelry.com

Chip
Posts: 104
Joined: Sun Aug 24, 2003 6:24 pm
Location: Manchester, CT
Contact:

Postby Chip » Tue Mar 16, 2004 8:48 pm

There's also a technique called a bounce back virus. There are bots out there that go around and harvest email addresses from the web. Then they send and email to a known bad email address using the addresses they harvested. For instance, my email is chipe@pobox.com. They send an email using my address as the originating email address, and this email of course is loaded with a virus. They send this email to a known bogus email address, and it bounces back to me! I say, "hmmmm, I don't remember sending that email" and notice there's an attachment saying "message" or "bounced text". And if I click on it BLAM, a virus is set loose.

Insidious!

1. Never open any email that you don't personally know the sender.
2. Never open any email that you do know the sender but didn't expect an attachment.
3. Never open an email with an attachment period. save the attachment, scan it with an anti-virus program, and then open it.
4. Use a white-list spam blocker. That way only email from known email addresses are allowed to get in to your inbox. Qurb is the highest rated one out there right now. Sure you have to check once in a while, but it's worth it.
5. GET AND KEEP UPDATED AN ANTI-VIRUS PROGRAM THAT WILL SCAN YOUR INCOMING AND OUTGOING EMAIL.
Image
Chip
Micah 6.8

Terry Ow-Wing
Posts: 124
Joined: Sun Mar 09, 2003 3:21 pm
Location: San Francisco, Ca.
Contact:

Postby Terry Ow-Wing » Tue Mar 16, 2004 10:57 pm

Now I know what has happened. I was puzzeled since I do keep my virus program up to date. My husband even got an official looking one from our bank! (asking for account info of course!) I get stuff from "microsoft" all the time but my virus program allways finds them - so far......

:roll:


[quote="Chip"]There's also a technique called a bounce back virus. There are bots out there that go around and harvest email addresses from the web. Then they send and email to a known bad email address using the addresses they harvested. For instance, my email is chipe@pobox.com. They send an email using my address as the originating email address, and this email of course is loaded with a virus. They send this email to a known bogus email address, and it bounces back to me! I say, "hmmmm, I don't remember sending that email" and notice there's an attachment saying "message" or "bounced text". And if I click on it BLAM, a virus is set loose.

....
Terry Ow-Wing Designs
Kilnformed and Lampworked Glass Art
http://GlassArt.weebly.com
Image

Nickie Jordan
Posts: 39
Joined: Mon Mar 10, 2003 12:16 pm
Location: Palmer, Alaska
Contact:

Postby Nickie Jordan » Wed Mar 17, 2004 1:52 am

My e-mail account provider has been shut down all day due to 'extreme virus activity'. This is a first.

Tony Serviente
Posts: 328
Joined: Thu May 29, 2003 11:48 am
Location: Ithaca,NY
Contact:

Postby Tony Serviente » Wed Mar 17, 2004 11:19 am

Chips admonitions are right on. I have followed almost all of these and have been 99% virus free. The 1% involved my kids getting on before we had our birds, bees, and viruses talk. Only thing I don't use is a blocker. I have tried them, but found that business inquiries were often getting filtered. I just don't open attachments unless I know they are coming, and I often still scan them to be safe.

Nancy Juhasz
Posts: 111
Joined: Sun Mar 09, 2003 10:10 pm
Location: Ohio

Postby Nancy Juhasz » Wed Mar 17, 2004 11:21 am

Yup got a message that was for real from my cable internet provider (small local company) telling me the 2 names that e-mail would be coming from. The very next day I got this very important e-mail from supposidly my cable tell me that the attachment contained pertinant information about a virus. I called the company the answer was don't open it not from us. You know if I hadn't gotten the first e-mail I would have been cleaning up yet another virus. LOL Nanc


Post Reply

Return to “Techniques and Tools”

Who is online

Users browsing this forum: Majestic-12 [Bot] and 45 guests

Warm Glass

2575 Old Glory Road, Suite 700
Suite 700
Clemmons, NC 27012
Phone: (336) 712 8003
Email: wg@warmglass.com