
E-mail Virus


The Leprechauns


This afternoon I received the following e-mail, from sender "support@geocaching.com". This is a current virus that's going around, I believe, and I am sure it is NOT real e-mail from gc.com. I did not open the file attachment. This same virus is causing corporations everywhere to go nuts and send out warnings about false e-mails using a "support@" in the from line.

Dear user of Geocaching.com,

We  warn you about  some attacks on  your e-mail account. Your  computer may
contain viruses,  in order to keep your computer and e-mail account safe,
please, follow  the instructions.

Please,  read  the attach for further details.

Sincerely,
    The Geocaching.com team                            http://www.geocaching.com

Edited by The Leprechauns
I got that email too. You could imagine my surprise. :o

I had posted a warning about that same virus scam in AS earlier today, since I had gotten two similar emails seemingly from my ISP....of course, I'm not dumb enough to open attachments without looking at the message source first, but I know people who are (namely the person's computer from which these were sent to me). I'll pass on a tip that I gave her: Some email programs, such as Outlook Express, have an option to show a "preview pane", where the highlighted email is "previewed". This actually automatically opens the email as well as the attachment, whether you intend to open it or not. If you have that option, disable it. I know a lot of folks probably know that already, but for those that don't, there it is......

This afternoon I received the following e-mail, from sender "support@geocaching.com". This is a current virus that's going around, I believe, and I am sure it is NOT real e-mail from gc.com. I did not open the file attachment. This same virus is causing corporations everywhere to go nuts and send out warnings about false e-mails using a "support@" in the from line.

Dear user of Geocaching.com,

We  warn you about  some attacks on  your e-mail account. Your  computer may
contain viruses,  in order to keep your computer and e-mail account safe,
please, follow  the instructions.

Please,  read  the attach for further details.

Sincerely,
    The Geocaching.com team                            http://www.geocaching.com

I think these viruses are getting quite confusing, and I understand GC.com has nothing to do with them. However, should you consider some warning action?

I DO NOT MEAN more e-mails, but some kind of an indicator on the top of the Groundspeak page, flashing and having a link to a page with a rough description of what is going on. Also, I do not mean GC has the responsibility to act like an antivirus company, but still... the work you have to do to recover is soooo useless!!

This afternoon I received the following e-mail, from sender "support@geocaching.com". This is a current virus that's going around, I believe, and I am sure it is NOT real e-mail from gc.com. I did not open the file attachment. This same virus is causing corporations everywhere to go nuts and send out warnings about false e-mails using a "support@" in the from line.

Dear user of Geocaching.com,

We  warn you about  some attacks on  your e-mail account. Your  computer may
contain viruses,  in order to keep your computer and e-mail account safe,
please, follow  the instructions.

Please,  read  the attach for further details.

Sincerely,
    The Geocaching.com team                            http://www.geocaching.com

I think these viruses are getting quite confusing, and I understand GC.com has nothing to do with them. However, should you consider some warning action?

I DO NOT MEAN more e-mails, but some kind of an indicator on the top of the Groundspeak page, flashing and having a link to a page with a rough description of what is going on. Also, I do not mean GC has the responsibility to act like an antivirus company, but still... the work you have to do to recover is soooo useless!!

I think a pinned note at the top of the forums would be a good idea....may save a lot of people a real pain in the neck.....


Hear Ye! Hear Ye!

Read all about W32.Beagle.J@mm

9. Uses its own SMTP engine to send itself to the email addresses found. The worm contains its own MIME-encoding routine and will compose the email in memory.

The email has the following characteristics:

From: (May be one of the following)
management@<recipient domain>
administration@<recipient domain>
staff@<recipient domain>
noreply@<recipient domain>
support@<recipient domain>

Subject: (One of the following)
E-mail account disabling warning.
E-mail account security warning.
Email account utilization warning.
Important notify about your e-mail account.
Notify about using the e-mail account.
Notify about your e-mail account utilization.
Warning about your e-mail account

Message: (One of the following lines)
Dear user of <domain>,
Dear user of <domain> gateway e-mail server,
Dear user of e-mail server "<domain>",
Hello user of <domain> e-mail server,
Dear user of "<domain>" mailing system,
Dear user, the management of <domain> mailing system wants to let you know that,

{{snipped}}

We warn you about some attacks on your e-mail account. Your computer may
contain viruses, in order to keep your computer and e-mail account safe,
please, follow the instructions.

Followed by one of the following lines:
For more information see the attached file.
Further details can be obtained from attached file.
Advanced details can be found in attached file.
For details see the attach.
For details see the attached file.
For further details see the attach.
Please, read the attach for further details.
Pay attention on attached file.

Followed by one of the following lines:
The Management,
Sincerely,
Best wishes,
Have a good day,
Cheers,
Kind regards,

Followed by:
The <domain> team                        http://www.<domain>

If the attachment is a zip file, the message will include one of the following lines:

For security reasons attached file is password protected. The password is "<password>".
For security purposes the attached file is password protected. Password is "<password>".
Attached file protected with the password for security reasons. Password is <password>.
In order to read the attach you have to use the following password: <password>.

It's a spoofing virus. We got hit with a nasty one at work last week that shut down three of our four servers.

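The writeup quoted in the post above lists the fixed traits of the lure (a From: local part such as support@ at the recipient's own domain, a small set of subjects, a few body phrases, and an attachment, sometimes a password-protected zip). The following heuristic filter is an added example written for this thread; it is not code from Symantec, Groundspeak or anyone posting here. Only the indicator strings come from the writeup; the weights, the threshold, the sample messages and the attachment name are constructed assumptions.

```python
"""Heuristic filter for the Beagle.J style lure quoted in this thread (added example)."""
import email
import email.utils
from email import policy
from email.message import EmailMessage

# From: local parts the worm uses, always at the recipient's own domain (from the writeup).
SPOOFED_LOCALPARTS = {"management", "administration", "staff", "noreply", "support"}

# Subject lines listed in the writeup; compared case-insensitively.
LURE_SUBJECTS = {
    "e-mail account disabling warning.",
    "e-mail account security warning.",
    "email account utilization warning.",
    "important notify about your e-mail account.",
    "notify about using the e-mail account.",
    "notify about your e-mail account utilization.",
    "warning about your e-mail account",
}

# Body fragments from the writeup, matched after whitespace normalisation so the
# padded spacing in the forwarded copy at the top of the thread does not defeat the match.
LURE_PHRASES = (
    "we warn you about some attacks on your e-mail account",
    "read the attach for further details",
    "for details see the attach",
    "pay attention on attached file",
    "attached file is password protected",
    "the password is",
)


def _domain(addr: str) -> str:
    return email.utils.parseaddr(addr)[1].rpartition("@")[2].lower()


def sender_spoofs_recipient_domain(msg: EmailMessage) -> bool:
    """True when From: is one of the worm's local parts at the To: domain."""
    from_addr = email.utils.parseaddr(str(msg.get("From", "")))[1].lower()
    local, _, domain = from_addr.partition("@")
    return local in SPOOFED_LOCALPARTS and domain != "" and domain == _domain(str(msg.get("To", "")))


def normalised_body(msg: EmailMessage) -> str:
    """Plain-text body with runs of whitespace collapsed, lower-cased."""
    part = msg.get_body(preferencelist=("plain",))
    return "" if part is None else " ".join(part.get_content().split()).lower()


def assess(msg: EmailMessage) -> dict:
    """Score one parsed message against the lure indicators and return the findings."""
    text = normalised_body(msg)
    result = {
        "spoofed_sender": sender_spoofs_recipient_domain(msg),
        "known_subject": str(msg.get("Subject", "")).strip().lower() in LURE_SUBJECTS,
        "lure_phrases": sum(phrase in text for phrase in LURE_PHRASES),
        "has_attachment": any(True for _ in msg.iter_attachments()),
    }
    # Weights and threshold are an assumption of this example, not from the writeup.
    points = (2 * result["spoofed_sender"] + 2 * result["known_subject"]
              + result["lure_phrases"] + 2 * result["has_attachment"])
    result["verdict"] = "quarantine" if points >= 4 else "deliver"
    return result


def assess_raw(raw: bytes) -> dict:
    """Entry point for a gateway filter that hands over the message as raw bytes."""
    return assess(email.message_from_bytes(raw, policy=policy.default))


def build_message(sender, recipient, subject, body, attachment_name=None) -> EmailMessage:
    """Construct a sample message; the attachment content is a harmless placeholder."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment_name:
        msg.add_attachment(b"placeholder bytes, not a real payload", maintype="application",
                           subtype="octet-stream", filename=attachment_name)
    return msg


# Constructed lure modelled on the copy forwarded at the top of the thread.
LURE = build_message(
    "support@example.com", "user@example.com", "E-mail account security warning.",
    "Dear user of example.com,\n\n"
    "We  warn you about  some attacks on  your e-mail account. Your  computer may\n"
    "contain viruses,  in order to keep your computer and e-mail account safe,\n"
    "please, follow  the instructions.\n\n"
    "Please,  read  the attach for further details.\n\n"
    "Sincerely,\n    The example.com team      http://www.example.com\n",
    attachment_name="details.zip",  # constructed name, not from the writeup
)

# Constructed ordinary message for comparison.
BENIGN = build_message(
    "alice@partner.example", "user@example.com", "Lunch on Friday?",
    "Hi, are we still on for lunch on Friday?\n\nAlice\n",
)

if __name__ == "__main__":
    for label, sample in (("lure", LURE), ("benign", BENIGN)):
        print(label, assess_raw(sample.as_bytes()))
```

In a MailScanner- or AMaViS-style deployment this would sit beside the signature scanner, not replace it: the later posts show definitions lagging new variants by hours, and a text-pattern check like this catches only the lure wording that stays constant across them, so it buys time while the scanner is being updated.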
We got hit with a nasty one at work last week that shut down three of our four servers.

I haven't had to deal with a virus outbreak in my company since I installed Sophos on the desktops and Sophos + ClamAV on the mail server (first using AMaViS, now using MailScanner). It's saved me countless hours of cleanup.

We got hit with a nasty one at work last week that shut down three of our four servers.

I haven't had to deal with a virus outbreak in my company since I installed Sophos on the desktops and Sophos + ClamAV on the mail server (first using AMaViS, now using MailScanner). It's saved me countless hours of cleanup.

I agree. These days it's totally irresponsible to run an email server without a virus scanner attached. I use McAfee's GroupShield on the Exchange Server and Virus Scan on the desktops.

For the most part, the desktop virus scanner ends up as an unused second line of defense, as so far at least, all the viruses have been caught by the GroupShield.

(BTW: A virus scanner does no good if you don't keep it up to date. This past few weeks, that means updating it DAILY.)

(BTW: A virus scanner does no good if you don't keep it up to date. This past few weeks, that means updating it DAILY.)

Sophos is pretty unique in how their product works. The main engine and associated virus database is released monthly, but obviously, new viruses pop up more often than that. Whenever a new one comes out, they create an "IDE" (identification) file that you add to your installation and then trigger the central installation to update the workstations. They send an e-mail announcing the new IDE file to all their customers. It's pretty slick, actually.

What I did was write a script that the incoming e-mail gets fed to (at the server level). It parses the e-mail and downloads the IDE file, then adds it to the mail server (Linux) scanner and FTPs it to our central installation (Windows), then it EXECs (via FTP also) the command to update the rollout number, which tells the workstations to update. It's all fully automated - the only thing I have to do is update the central install once a month. :o

So in the last week, when all the new variants of Bagle and Netsky were coming out (sometimes many in a day), we were current as soon as we got the e-mail.

Edited by Cruzin

Our Norton/Symantec is updated nightly at 4am, and both NetskyB and NetskyD got to our servers before the definitions did. It was actually 4 hours after the first incoming email for NetskyD that the definitions were available. Fortunately, after some idiot opened NetskyB, no one dares to open any attachments at the moment :-).

We're now automatically polling for updates 4-6 times a day.....


I am also, by myself, quite well protected behind my company firewalls, and my laptop is receiving updates automatically whenever there are any available; however, some days ago I received an e-mail which I suspected and forwarded to the company 'viruscenter'. In two hours we all received a warning, and the follow-on 'virus e-mails' were cleared. But my point is that the first one GOT THROUGH!! I am not talking about a private connection or a home PC; I am using a large IT-company provided and supported connection with a laptop which has the most recent virus files available and updated whenever an update is available. However, those are getting through. Most GC users do not have well-updated protection.

I think that if GC people receive messages pointing out that some e-mails 'sent by' GC.com are on their way to the users asking them to open the infected attachments, GC should warn the users. How, you know better.

This is kind of a help service GC can do IF A VIRUS has been seen to use GC as a vehicle!!

Our Norton/Symantec is updated nightly at 4am, and both NetskyB and NetskyD got to our servers before the definitions did. It was actually 4 hours after the first incoming email for NetskyD that the definitions were available. Fortunately, after some idiot opened NetskyB, no one dares to open any attachments at the moment :-).

We're now automatically polling for updates 4-6 times a day.....

That's essentially what happened to us. We haven't had a virus outbreak in years, and this was just poor timing. NetskyB was identified by Norton on 2/24 in the evening; the solution was on the Symantec website at 11:50 a.m. on 2/25 - we were infected at 10:00 and someone had opened the zip attachment. We're still cleaning up.


I got the emails too, not from Groundspeak/geocaching.com, but from my own domain names! Took some convincing before I got the girl on my provider's "Tech support" to believe I hadn't sent them to myself!

My regular virus software didn't find them, so I did the free scan on Panda and nabbed 'em.

Bret
