Published Wednesday 14 October 2009

Over the past few days we have had a large increase of virus hoax emails claiming to be a mail server upgrade or security fix.

We would never send any of our hosting and email clients an email with attachments, or with links to files that you have to download and run.

The hoax emails are in the following format:

-------------------------

Dear user of the yourdomain.com mailing service!
We are informing you that because of the security upgrade of the mailing service your mailbox (info@yourdomain.com) settings were changed. In order to apply the new set of settings click on the following link:

http://yourdomain.com/owa/service_directory/settings.php?email=info@yourdomain.com&from=yourdomain.com&fromname=info
Best regards, yourdomain.com Technical Support.

-------------------------

The link in the above email would take you to a page like this, which has a link to download the virus.

 or this version which has an attached zip file containing a virus

-------------------------

or

--------------------------

You have (6) New Message from Outlook Microsoft
- Please re-configure your Microsoft Outlook Again.
- Download attached setup file and install.  

----------------------------

Dear user of the yourdomain.com mailing service!

We are informing you that because of the security upgrade of the mailing service your mailbox yourname@yourdomain.com settings were changed. In order to apply the new set of settings open zip attached file.

Best regards, yourdomain.com Technical Support.

 -------------------------

If you are sent emails like this, please delete them and DO NOT open or run the attachment.

Symantec (antivirus supplier) have a post on their site about this email virus at http://www.symantec.com/connect/blogs/personalized-patchupdate-spam-delivering-malware. The virus is Infostealer.Banker.C, a Trojan horse that may steal sensitive information from the compromised computer.

 

Update: 15th October 2009

Several of our clients have emailed me to say they don't believe this post is reporting a hoax! A search on Google will confirm this, but if someone will run any attachment sent to them via email, having another keylogging trojan installed will be the least of their problems.

Update 15th October 2009

Yet another version of this hoax email with bonus virus:

-------------------------------

Subject: Attention - Mail system upgrade

Attention!

  On October 16, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour.
The changes will concern security, reliability and performance of mail service and the system as a whole.
For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure.
 This procedure is quite simple. All you have to do is just to click the link provided, to save the patch file and then to run it from your computer location. That's all.

http:// updates.yourdomain.com.secure.upd-center.net /ssl/id=7842684-you@yourdomain.com-patch7230.exe

 Thank you in advance for your attention to this matter and sorry for possible inconveniences.

 System Administrator

-------------------------------

Update 23 Oct

Yet another version:

-------------------------

Subject: Attention: Read Carefully

Message:

 Attention!

  On October 22, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour.
The changes will concern security, reliability and performance of mail service and the system as a whole.
For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure.
 This procedure is quite simple. All you have to do is just to click the link provided, to save the patch file and then to run it from your computer location. That's all.

http://updates.xxx.co.uk.secure.first-admin.net/ssl/id=79321284-xxx@xxx.co.uk-patch100.aspx

 Thank you in advance for your attention to this matter and sorry for possible inconveniences.

 System Administrator

-------------------------
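
The sample links above share traits a mail filter can test for: the recipient's own domain embedded inside a different host name, the recipient's address carried in the URL, and a directly runnable file as the target. The following Python is an added example, not part of the original post; the function names, the extension list and the `lure.invalid` host are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Assumption: file extensions treated as directly runnable downloads.
RUNNABLE_EXT = (".exe", ".scr", ".pif", ".bat")

# Constructed sample modelled on the hoax emails above; lure.invalid is a placeholder.
SAMPLE_BODY = """\
In order to apply the new set of settings click on the following link:
http://yourdomain.com/owa/service_directory/settings.php?email=info@yourdomain.com&from=yourdomain.com
Save the patch file and run it:
http://updates.yourdomain.com.secure.lure.invalid/ssl/id=7842684-info@yourdomain.com-patch7230.exe
Webmail help: http://mail.yourdomain.com/help
"""

def host_embeds_domain(host, domain):
    """True when `domain` appears as labels inside `host`, but the host is
    neither the domain itself nor one of its genuine subdomains."""
    host, domain = host.lower().rstrip("."), domain.lower()
    if host == domain or host.endswith("." + domain):
        return False
    h, d = host.split("."), domain.split(".")
    return any(h[i:i + len(d)] == d for i in range(len(h) - len(d) + 1))

def score_url(url, recipient):
    """Return the set of indicator names that fire for one URL."""
    domain = recipient.rsplit("@", 1)[1]
    parts = urlsplit(url)
    hits = set()
    if host_embeds_domain(parts.hostname or "", domain):
        hits.add("lookalike_host")        # our domain used as a prefix of another host
    if recipient.lower() in unquote(parts.path + "?" + parts.query).lower():
        hits.add("recipient_in_url")      # link personalised with the mailbox address
    if parts.path.lower().endswith(RUNNABLE_EXT):
        hits.add("runnable_download")     # link points straight at a program
    return hits

def scan_body(body, recipient):
    """Map each URL found in a message body to the indicators it triggers."""
    return {u: score_url(u, recipient) for u in URL_RE.findall(body)}

if __name__ == "__main__":
    for url, hits in scan_body(SAMPLE_BODY, "info@yourdomain.com").items():
        print(sorted(hits), url)
```

A link that triggers `lookalike_host` is the strongest signal of the three, since a genuine subdomain always ends with the real domain rather than merely containing it.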
