I don’t know whether this is new or not, but I ain’t seen it before. Could virus senders be making use of a new social engineering tweak?
The problem, it seems to me is that a lot of anti-virus manufacturers and system administrators insist on including automated alerts which supposedly inform users when their email addresses are being used to send viruses. Of course, in 9 cases out of 10 the user is not infected; their email address is being spoofed. But to the casual user, it’s annoying and somewhat scary. But are virus writers now using this ridiculous waste of time to lure more victims?
It goes like this: This morning I got four emails, all from support(at)mycompany.com. The headers were all warnings:
- Important notify about your e-mail account
- Warning about your e-mail account
- E-mail account disabling warning
The contents were varied, but credible:
Dear user of Feer.com gateway e-mail server, Our antivirus software has detected a large ammount of viruses outgoing from your email account, you may use our free anti-virus tool to clean up your computer software. Pay attention on attached file. For security reasons attached file is password protected. The password is “22578”. Sincerely, The Feer.com team
Another one said:
Dear user of Feer.com, Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions. For details see the attach. For security purposes the attached file is password protected. Password is “28284”. Best wishes, The Feer.com team
The company’s virus software had removed the virus (not clear what, probably MyDoom). But it had me fooled long enough to fire off an angry reply to our support staff (sorry, guys). I’ve not seen similar wording to this on the virus sites, so this could well be a new trick. If so, it’s a good one.
It is a new virus. don’t know the name, but I read a short notice about it on our company intranet.