These are all emails we received today from sources we do not know. I use OzEfilter (which I wrote) to check out email at the mail server safely away from our computer that is from people I don't know. I don't read the email but check the subject, who the email is from and in many case the country of origin. This approach keeps malicious emails out of my computer. This time however for the benefit of my clients and readers of this blog I have download the three I received this morning.
Subject: Britney Spears Fails To Appear For Latest Custody Hearing
From: Lilia-aapapuut@ccaurora.edu
Lesson: Don't click on links in emails where you don't know the source and certainly don't download anything.
Certainly a subject with Britney in it is popular with the malware writers. In this case the email contains a link which is to an executable file. For obvious reasons we won't reproduce the link her.
The trick with these types of emails is to hover your mouse over the link. You can then see the web site address that you will be sent to and in this case it is a program which you would have to download.
Subject: Fedex tracking number 4116375689
From: rtivoiviq@boks.com
Lesson: Even if you are dealing with Fedex that email address is not Fedex and don't touch that attachment.
The Fedex email has just started to occur. Our anti-virus software doesn't detect it as a virus. The online file scanner service we use as mentioned in MyAnswers solution 1890 returned the zip file MRDI8761223.zip as clean and the contained file MRDI8761223.exe with no conclusion. Now in this case I would still delete this type of email. It is from someone I don't know. It is a concern that it came back as being determined as clean for one part and nothing for the contained file. That actually lead me to believe the report was the file was clean. Don't take the risk with this type of email.
Subject: Your Online Flight Ticket N 29749
From: qiyhmvlrgaqy@blcc.com
Lesson: Don't get tricked if you are booking a holiday. We see these types of emails most days.
Who couldn't do with a holiday, but watch out, this is a very common ploy to trick you into opening the attachment and running the program. They have said they charged my credit card and none of us like our credit card charged if it wasn't us. Don't be tricked into action. Check the email address it is from. This email is supposedly from Southwest Airlines and that email address doesn't look like Southwest Airlines. Although don't rely on email addresses as they are fake. Some fakes are so good it is hard to tell them from the real emails.
I submitted the attachment to the online file scanner service. The automated system has came back with the response of no conclusion. When this happens I suspect they manually take the files and analyse them. If there are malicious files, I've found it will take a day or two and then they will use this information to update their anti-virus software. As you can see that could be days after the outbreak of a new virus.
What I am letting you know that even if you have anti-virus software, you aren't protected from the new viruses which are released on the Internet every week. Use your ant-virus software, but also use commonsense. You will end up regretting opening that attachment or clicking on the link which came via an email if you let your guard down. But don't just be watchful of emails, I have seen going to web sites in the past infect computers. Do take care.
I hope the above examples receive today help others to avoid being duped by the malware writers. Sadly a badly infected computer is expensive to repair. In many cases it is faster to reload the operating system and since many computers don't come with reinstall disks, this can be a costly and time consuming exercise.
Treat every email from an unknown source with suspicion. A product like OzEfilter helps us enormously. With a bit of care and a healthy degree of paranoia, you can save costly repair bills to your computer.
- Kelvin
I receive the response for the submitted airline ticket attachment and 36 minutes later I received the response:
ReplyDeleteFile: e-ticket.zip
Conclusion: malware container
File: ticket_trSM1.exe
Conclusion: confirmed malware
The online scanning service information on the Fedex email attachment has now come back as follows.
ReplyDeleteFile: MRDI8761223.zip
Conclusion: clean
File: MRDI8761223.exe
Conclusion malware