I've seen many of these. They sneak through my spam filter once in a while, but the attachment always gets stripped.

From: Richard Stovall [mailto:[email protected]]
Sent: Wednesday, November 11, 2009 11:26 AM
To: NT System Admin Issues
Subject: RE: FYI -- fake email abuse warning

You would think that the Red Condor AV filtering would catch it if it really is a 5 year old threat. (Even if they can't filter attachments.) Time for someone to call them, I think, and ask a few questions.

From: David Mazzaccaro [mailto:[email protected]]
Sent: Wednesday, November 11, 2009 12:20 PM
To: NT System Admin Issues
Subject: RE: FYI -- fake email abuse warning

Yeah... that's the MyDoom worm from July 2004:

http://www.sophos.com/security/analyses/viruses-and-spyware/w32mydoomo.html
http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=39711
http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.M&VSect=T

Any decent AV software/service should be protecting you from it.

________________________________

From: John Aldrich [mailto:[email protected]]
Sent: Wednesday, November 11, 2009 12:16 PM
To: NT System Admin Issues
Subject: RE: FYI -- fake email abuse warning

Interesting. Thanks. As I said, I'd never seen this particular exploit before, so I immediately put out a bulletin to all our staff so they can be aware of it. :)

From: David Mazzaccaro [mailto:[email protected]]
Sent: Wednesday, November 11, 2009 12:13 PM
To: NT System Admin Issues
Subject: RE: FYI -- fake email abuse warning

I believe that text is from "MyDoom" or a variant.

________________________________

From: Richard Stovall [mailto:[email protected]]
Sent: Wednesday, November 11, 2009 12:09 PM
To: NT System Admin Issues
Subject: RE: FYI -- fake email abuse warning

It looks like you use a hosted service from Red Condor. They can't do attachment filtering for you?

From: John Aldrich [mailto:[email protected]]
Sent: Wednesday, November 11, 2009 11:56 AM
To: NT System Admin Issues
Subject: RE: FYI -- fake email abuse warning

Slightly sanitized (removed user's email address):

Dear user (email address),

We have detected that your account was used to send a large amount of unsolicited e-mail messages during the last week. Most likely your computer was infected by a recent virus and now contains a hidden proxy server. We recommend that you follow our instruction in the attached file in order to keep your computer safe.

Best wishes,
The blueridgecarpet.com support team.

Attached was a file called "blueridgecarpet.com". As we all know, .com files are executable. I wish I could prevent executable files from being received in email, but I don't think I can.

From: Todd Lemmiksoo [mailto:[email protected]]
Sent: Wednesday, November 11, 2009 11:47 AM
To: NT System Admin Issues
Subject: RE: FYI -- fake email abuse warning

Yes, please send.

Todd

________________________________

From: John Aldrich [mailto:[email protected]]
Sent: Wednesday, November 11, 2009 11:09 AM
To: NT System Admin Issues
Subject: FYI -- fake email abuse warning

One of my users was sent a bogus email abuse warning stating that his account had been flagged because his "account was used to send a large amount of unsolicited e-mail messages during the last week." They had an attachment that was flagged by AVG as a virus and so the email was bounced back to me as the return address was [email protected] which comes to me.

I've never seen this particular social engineering stunt before and thought I'd pass it along to you guys. I can pass along the text of the bounced message (sans attachment, of course! <G>) if anyone wants it.

No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.425 / Virus Database: 270.14.60/2496 - Release Date: 11/11/09 07:40:00
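
The attachment-name check wished for in the thread can be done on the raw message before delivery. The following is an added example, not code from any poster or from the filtering products mentioned; the extension list, the function names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Constructed, non-exhaustive list of extensions Windows runs directly.
BLOCKED_EXTENSIONS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd", ".vbs"}


def blocked_attachments(raw_message):
    """Return the attachment filenames whose final extension is blocked."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # visits nested multipart containers too
        filename = part.get_filename()  # decoded Content-Disposition/name value
        if not filename:
            continue
        # Windows ignores trailing dots and spaces, so drop them before testing.
        name = filename.rstrip(". ").lower()
        dot = name.rfind(".")
        # Only the last extension counts: "photo.jpg.scr" is a .scr file, and
        # "blueridgecarpet.com" is a .com program despite reading like a domain.
        if dot != -1 and name[dot:] in BLOCKED_EXTENSIONS:
            hits.append(filename)
    return hits


def build_sample():
    """Constructed test message modelled on the text quoted in the thread."""
    m = EmailMessage()
    m["From"] = "support@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("We recommend that you follow our instruction in the attached file.")
    for fname in ("blueridgecarpet.com", "invoice.pdf", "photo.jpg.scr"):
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()


if __name__ == "__main__":
    for fname in blocked_attachments(build_sample()):
        print("reject:", fname)
```

A name check like this complements AV scanning rather than replacing it, since it does not look inside archives or at file contents.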
