Saturday, June 18, 2005

Virus Spammers active again

A new breed of virus spammers is working hard at increasing their “conversion rates” by sending out emails designed to gain the trust of the unsuspecting recipient. The email messages aim at getting recipients to open the following attachments:

updated-password.zip, approved-password.zip, important-details.zip, account-report.zip and others.

Here are a few examples of emails I received today:

Subject: your password has been updated

Dear user gmeyers,

You have successfully updated the password of your Gmeyers account.

If you did not authorize this change or if you need assistance with your account, please contact Gmeyers customer service at: mail@(deleted by me)

Thank you for using Gmeyers!
The Gmeyers Support Team

+++ Attachment: No Virus (Clean)
+++ Gmeyers Antivirus – www.(deleted by me)


Note the clever use of +++ Attachment: No Virus (Clean)


Here’s another one:



Subject: Warning message: your services near to be closed

Dear Gmeyers Member,

We have temporarily suspended your email account bob@(deleted by me).

This might be due to either of the following reasons:

1. A recent change in your personal information (i.e. change of address).
2. Submiting invalid information during the initial sign up process.
3. An innability to accurately verify your selected option of subscription due to an internal error within our processors.
See the details to reactivate your Gmeyers account.

Sincerely,The Gmeyers Support Team

+++ Attachment: No Virus (Clean)
+++ Gmeyers Antivirus – www.(deleted by me)

Assuming the attachments actually do contain a virus (I can't be positively sure, as I didn't open them), they must still be in beta because the sender obviously relies on email address harvesting.

The best antivirus protection? Never open email attachments unless you're absolutely positive about the identity of the sender (and it doesn't cost a penny!).


For more examples of the latest generation of virus spam emails, check this post.


1 Comment:

At 5:46 AM, Anonymous Anonymous said...

We have been receiving such spoofed emails into our mailboxes at my workplace.

These attachments indeed contain a virus, cleverly named with a long whitespace and a .scr or .pif extension, which gets truncated unless you expand the filename tab in your unzipping tool like WinZip or WinRAR.

My machine is safe since I use a Linux box, so I opened the attachment to see how the files were disguised. But other Windows users in my company may not be safe.

As you said earlier, the best safety is never open such attachments even if the source looks valid unless you confirm with the source of the validity of the attachments.
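
The disguise described in the comment above (a long run of whitespace followed by a .scr or .pif extension inside the zip) can be checked for at a mail gateway or on the desktop without extracting anything. The Python code below is an added example, not part of the original post or comment; the extensions beyond .scr and .pif, the five-character whitespace threshold and the function names are assumptions, and the sample archive is constructed with harmless text content.

```python
import io
import re
import zipfile

# .scr and .pif are the extensions named in the comment; the others are
# an assumption added for this example.
EXECUTABLE_EXTS = {".scr", ".pif", ".exe", ".com", ".bat", ".cmd"}
PADDING = re.compile(r"\s{5,}")  # assumed threshold for a "long whitespace" run


def suspicious_members(zip_bytes):
    """Return [(member_name, [reasons])] for archive entries that look disguised."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():  # reads the directory only, extracts nothing
            if info.is_dir():
                continue
            name = info.filename.rsplit("/", 1)[-1]
            stem, dot, ext = name.rpartition(".")
            ext = (dot + ext).strip().lower() if dot else ""
            reasons = []
            if ext in EXECUTABLE_EXTS:
                reasons.append("executable extension " + ext)
            if PADDING.search(name):
                reasons.append("whitespace padding in name")
            # A harmless-looking extension before the real one: "x.txt    .scr"
            if ext in EXECUTABLE_EXTS and "." in stem.strip():
                reasons.append("double extension")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample(names):
    """Build an in-memory zip with placeholder text (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, "placeholder, not a real payload")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample(["readme.txt", "password.txt" + " " * 60 + ".scr"])
    for member, why in suspicious_members(sample):
        print(repr(member), "->", "; ".join(why))
```

Printing the member name with `repr()` makes the padding visible, which is exactly what a narrow filename column in an archive tool hides.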

 
