Hi,
it’s probably the virus our security people warned us yesterday, called
“W32.Beagle.J@mm”.
The virus can be stored in an encrypted zip file and therefore cannot be
detected by virus
scanners or in a plain .pif file. The password for the zip file is also
sent and is in plain text.
Within the zip file is an executable file.
The mail address is also forged. Examples would be:
xxxxx@company.com
xxxxx@company.com
xxxxx@company.com
xxxxx@company.com
xxxxx@company.com
Text could be:
Dear user, the management of company.com mailing system wants to let you
know that,
Your e-mail account has been temporary disabled because of unauthorized
access.
Please, read the attach for further details.
In order to read the attach you have to use the following password:
38553.
Best wishes,
The Company.com team (company URL)
Dear user of company.com mailing system,
Your e-mail account has been temporary disabled because of unauthorized
access.
For details see the attached file.
In order to read the attach you have to use the following password: 38553.
Regards
Else
“Peter Viscarola”
To: “Windows System Software Devs Interest List”
Sent by: cc:
xxxxx@lis Subject: [ntdev] URGENT WARNING to NTDEV Members: Spoofed email from OSR
ts.osr.com (Unsigned Mail)
03.03.2004 18:21
Please respond to
“Windows System
Software Devs Interest
List”
NTDEV Members,
Please be aware that there’s an ugly-looking email that’s being spread,
that
purports itself to be from OSR.COM. This has a ZIP file attached. DO NOT
OPEN IT.
The mail has the following attributes:
From: xxxxx@osr.com
Subject: Important notify about your e-mail account.
A quick check of the header will reveal that THIS MAIL IS NOT FROM OSR. We
expect that it is a virus of some kind.
We are investigating to see if there has been a security breach,
Peter
OSR
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@utimaco.de
To unsubscribe send a blank email to xxxxx@lists.osr.com