I noticed a few emails with the subject "Credit card account statement (Visa, MC)", and decided not to let OzEfilter delete the email, so I could check the contents.
The start of the message in the emails was the following:
Dear Valued Customer:
ID: - user name for a valid email address -
As requested, we are sending you this account statement with information on the transactions carried out with your credit card between 1/1/2008 and 8/1/2008.
The email also had an attached zip file "Statement.zip", which contained the file which appeared to be "Statement.doc". This is where the virus writers trick people into thinking it is a just a Word document. The virus writers create a very long file name filled with lots of spaces, so the real file extension of "exe" is not easily visible. The real file name is something like the following:
"Statement.doc exe"
This is similar to the "statement of fees" virus recently, which has infected a lot of people.
The Desktop anti-virus client, and the mail server anti-virus software, did not stop this email from getting through. The email address is a random user name, which is also a good indicator this is a malicious email and would be obvious to OzEfilter users.
The last couple of weeks has shown it is pretty obvious that most anti-virus software packages won't protect you from new viruses, as the anti-virus software can take days to be updated and by that time thousands of people have damaged their computers. Care with emails is vital.
A simple trick to protect you from viruses targeted at your banking facilities is not to provide your email address to your bank. I don't provide my email address to banks and I advise others to have their email address removed from their bank details. Then you know every email from a bank is most likely malicious or unwanted email.
Please take care.
- Kelvin Eldridge
Thanks!
ReplyDeleteI'm glad I decided to look it up! I just hope my boss didn't open it! Much appreciated.
ReplyDelete-Eric-
Nashville TN
The one I received had a user name that I use (likely gotten from my eBay id)
ReplyDeleteIt's pretty obvious that this is bogus as is for both Mastercard and Visa (I don't believe any banks offer both)
Thanks. Your information validates my suspicions. I just blasted the incompetents at AT&T (DSL antivirus service) and Symantec (Norton Internet Security) and Yahoo (fasicst refusal to screen out any spam) as to why I had to be subject to felony spam carrying this electronic cancer cells.
ReplyDeletePS: What an ordeal to get through Google to get this posted!!!
I just got one today with slightly different message:
ReplyDelete"Please take a look at the attached statement on your account. The statement was issued today upon request, and your data has been successfully altered."
I'm shocked that it came to an address that I don't give out anywhere except most trusted places (i.e. credit card/bank). They must have been breached...
Symantec Endpoint Protection didn't detect it as a virus even when I scanned explicitly. It's clearly is a virus (or made look like one).
BTW, your blog shows that it was posted "Tuesday Sep. 16th", but today is 15th (at least EST). Even if it is 16th on your end, it still won't be a Tuesday :) Blogger bug?
Please ignore my previous comment about blogger date. I didn't realize it wasn't October :) Sorry...
ReplyDeleteHi Bratan,
ReplyDeleteNo need to apologise. I am amazed that over the last month or more, the same viruses in slightly different variations, continue to cause people grief and their ant-virus software is not protecting them.
The only reason I even see these types of emails is because I saw my clients getting affected. I use OzEfilter, a program I wrote, and OzEfilter enables me to delete the emails at the mail server away from my computers. I now receive some of these emails for the benefit of my clients. Otherwise OzEfilter lets me treat these emails as the rubbish they are. It saddens me to see that thousands of people are not protected, or even worse, think they are and get infected.
As you point out, my post was in September and these types of emails are still getting through most anti-virus software packages. It really isn't good enough.
No need to apologise. Your comment helps to highlight the problem.
Thanks - Kelvin Eldridge