posted
I have been getting more suspicious emails with attachments & have been very strict with my policy of deleting any suspicious emails without ever having any viewed in the preview pane, & for sure not opening them.
I have been right-clicking to view properties occasionally & clicking on "message source" when I am curious for any reason.
Today I got an email with attachment claiming to be from administration@islandsign.com & since that is my domain & I have no mailbox by that name, I was curious.
What I found was not only that there had been a virus attached (no surprise there) but the message content was a completely malicious attempt to encourage any unsuspecting recipients to open the attachment, & such blatant continued misrepresentation of the association between that email & my company name (domain name) that I would think it borders on criminal slander.
As you can see from the highlighted areas in the image below, I guess the code in the virus is not only able to harvest addresses from infected computers, & replicate itself with spoofed senders' addresses... but it drops these domain names into message content to further slander the innocent owners of harvested email addresses.
What I'm not sure about is the "return path" shown at the top. I realize that the "from" line in the center is a "spoofed" address, but is the sign related address shown in the "return path" also an innocent victim whose address was added by the virus?
posted
I've seen loads like that a few weeks ago... I run my own domain and as postmaster I get all the undeliverables; I had mail addressed to bob, tom, harry, debbie etc... @copyshop.ca all the most popular names, hoping to get a hit.
For a while I was getting more virus emails than spam ... peaked out at 160 in one day; but it's been relatively quiet in the past week.
-------------------- Mike O'Neill
It has yet to be proven that intelligence has any survival value. - Arthur C. Clarke
posted
I'm seeing replies on the old familiar aspects of the virus itself or the spoofing of an address...
... but that paragraph at the bottom is what piszes me off the most, I never realized the domain info would get swapped into several places in a letter within an infected email to make it look as if I intentionally, maliciously encouraged someone to open an infected attachment.
"Yahoo! Mail Virus Protection detected the virus '"W32.Beagle.J@mm"' in the file '"Attach.zip"', attached to the enclosed email message. We scanned the file using Norton AntiVirus but were unable to clean it. Therefore, we removed the content of the attachment from the message. Please contact the message sender if you want to receive the attachment. They must clean the file and resend it before we can deliver it to you safely."
"Yahoo! Mail successfully cleans most infected attachments, which protects you from viruses. "
Your e-mail account will be disabled because of improper using in next three days, if you are still wishing to use it, please, resign your account information.
For details see the attach.
For security purposes the attached file is password protected. Password is "62815".
posted
I got the exact same message, Si. Luckily my corporate scan caught it on the way in, because it was deceiving enough to be believable, as we get LOTS of messages from our IT people to run these scans they forward us.
-------------------- Steve Burke Cascades Inc NS Canada
If at first you don't succeed, skydiving isn't for you Posts: 359 | From: NS Canada | Registered: Jan 2002
posted
doug, just got one from a friend in georgia describing the new virus visitor. i am not opening anything, even if i am afraid it is genuinely intended for me. they make too much of a mess. a tip i once received to thwart an email address theft is to go in your address book and make the first entry aaa@aaa. this stumps the thief and stops any further attempt at taking over addresses. no complaints so far. faye
-------------------- Faye Welsh (fiddles) 4848 cherry street allison park, pa. 15101 fiddles51@yahoo.com Posts: 259 | From: 4848 Cherry St. Allison Park,Pa. 15101 | Registered: Dec 2001
quote: Your e-mail account will be disabled because of improper using in next three days, if you are still wishing to use it, please, resign your account information.
fortunately some of these emails' believability is "disabled because of improper using" of the english language.
As for the ways to protect email addresses from being harvested on my machines, not only have I avoided any infections through maintaining up to date virus definitions etc. but I also delete all emails & keep no address book or contact list.
posted
I was just thinking this week that IF I was to keep my address book but add a '1' or a single letter to the beginning of each address, making it undeliverable until I remove the added number or letter before hitting send...so I don't have to look up each email address I need.
Won't this solve the problem of any access of my address book being copied by a virus?
posted
There is nothing that irks me more than an empty subject line with an attachment. I think all these replies show how important it is to be sure to fill it in, so we can determine the legitimacy of an email. I delete everything that looks even remotely weird to me.
Occasionally I wonder "What if it is a job?" Oh well, it's worth the risk not to have the shop go down for a day or two just because I was curious.
"Good judgment comes from experience; and a lot of that comes from bad judgment" - Will Rogers Posts: 3488 | From: Beautiful Newaygo, Michigan | Registered: Mar 2003
posted
Adrienne, I've heard suggestions like that too, & I would think that will surely work to avoid any of your contacts receiving any infected mail, if your computer became infected by a virus that was harvesting from your address book.
As I think about it, the altered email addresses would also get written in to the "from" line... so as the monster moves around, grows & evolves... other recipients at valid addresses will get infected mail from 1splashsigns2@hotmail.com or 1signshop@islandsign.com
That scenario could still generate some negative perception towards a domain name, although I don't think too many people still think the "from" address is valid anymore.
Another possibly better twist on your idea is using the * instead of the @ symbol. This would probably make the string of characters not be harvested at all.
posted
Doug, during the last big virus, I found that my address was being spoofed by the virus. The virus checkers on the receiving end would send them back to me. They looked like tom@anchorblanks.com, susan@, anyname@ and so on. Nothing I ever use. I knew they were not coming out of my computer. I ran full computer virus scans multiple times and the computer was always clean. So, someone who had vic@anchorblanks on their machine got the virus, the virus spoofed the return address, and sent out to their mailing list.
A couple of people sent me angry notes telling me to take them off their mailing list. I sent back a note trying to explain about spoofs, but I doubt if they believed it.
In any event, I don't know what any of us can do other than to keep a good current virus checker running at all times. Vic G
-------------------- Victor Georgiou Danville, CA , USA Posts: 1746 | From: Danville, CA , USA | Registered: Dec 1998
quote: I don't know what any of us can do other than to keep a good current virus checker running at all times.
I agree Vic, & I think not saving anyone's email address on our hard drives is also a necessary, though inconvenient, additional courtesy that should be considered these days.
The spoofed return address is so commonplace now, I hardly think anyone, in our business circles at least, still misunderstands that.
Although I had grown used to the idea that people may get infected mail that says it is from islandsign.com, I wasn't prepared for them to get email that basically says: "islandsign.com has received indication that your computer may need this attached fix... cheers, the islandsign.com team"
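
Added example, not part of any post in this thread: a small Python check over a message's source that flags the three things discussed above (a "from" address at your own domain with no such mailbox, a "return path" that does not match it, and a body that hands out a password for the attachment). The sample message, its subject line, the Return-Path address and the `KNOWN_MAILBOXES` set are constructed assumptions; only the body wording and the islandsign.com addresses come from the thread.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OWN_DOMAIN = "islandsign.com"      # domain named in the thread
KNOWN_MAILBOXES = {"signshop"}     # assumption: mailboxes that really exist

# Constructed sample "message source"; headers other than From are invented.
SAMPLE = """\
Return-Path: <someone@other-sign-shop.example>
From: administration@islandsign.com
To: signshop@islandsign.com
Subject: (constructed subject)
Content-Type: text/plain

Your e-mail account will be disabled because of improper using in next three days.
For details see the attach.
For security purposes the attached file is password protected. Password is "62815".
"""

PASSWORD_RE = re.compile(r"password\s+is\b", re.IGNORECASE)

def triage(raw, own_domain=OWN_DOMAIN, known=KNOWN_MAILBOXES):
    """Return the list of reasons a message looks like spoofed worm mail."""
    msg = message_from_string(raw)
    # Both headers are supplied by the sending side, so either can be forged.
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    env_addr = parseaddr(msg.get("Return-Path", ""))[1].lower()
    from_local, _, from_dom = from_addr.rpartition("@")
    env_dom = env_addr.rpartition("@")[2]
    # Collect plain-text parts only (not decoded if base64-encoded).
    body = "\n".join(
        part.get_payload() for part in msg.walk()
        if not part.is_multipart() and part.get_content_type() == "text/plain"
    )
    reasons = []
    if from_dom == own_domain and from_local not in known:
        reasons.append("From uses our domain but no such mailbox exists")
    if env_dom and from_dom and env_dom != from_dom:
        reasons.append("Return-Path domain differs from From domain")
    if PASSWORD_RE.search(body):
        reasons.append("body gives a password for the attachment")
    return reasons

if __name__ == "__main__":
    for reason in triage(SAMPLE):
        print("FLAG:", reason)
```
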