A New Trick To Lure The Unwary?

I don’t know whether this is new or not, but I ain’t seen it before. Could virus senders be making use of a new social engineering tweak?

The problem, it seems to me is that a lot of anti-virus manufacturers and system administrators insist on including automated alerts which supposedly inform users when their email addresses are being used to send viruses. Of course, in 9 cases out of 10 the user is not infected; their email address is being spoofed. But to the casual user, it’s annoying and somewhat scary. But are virus writers now using this ridiculous waste of time to lure more victims?

It goes like this: This morning I got four emails, all from support(at)mycompany.com. The headers were all warnings:

  • Important notify about your e-mail account
  • Warning about your e-mail account
  • E-mail account disabling warning

The contents were varied, but credible:

Dear  user of Feer.com gateway e-mail server, Our antivirus  software has detected a large ammount of viruses outgoing  from  your  email account, you may  use  our free anti-virus  tool to clean up your computer  software. Pay attention on attached file.  For security  reasons attached file  is password protected. The  password  is “22578”.  Sincerely, The  Feer.com team 

Another one said:

Dear user of  Feer.com, Some of our clients complained  about the spam (negative e-mail content) outgoing from your  e-mail account. Probably, you have been  infected by a proxy-relay trojan server. In  order to keep your computer safe, follow  the instructions. For  details see the attach. For  security purposes  the attached file is  password protected. Password is “28284”. Best wishes,    The  Feer.com team        

The company’s virus software had removed the virus (not clear what, probably MyDoom). But it had me fooled long enough to fire off an angry reply to our support staff (sorry, guys). I’ve not seen similar wording to this on the virus sites, so this could well be a new trick. If so, it’s a good one.

04. March 2004 by jeremy
Categories: Malware | Tags: , , , , , , , | 1 comment

One Comment

  1. It is a new virus. don’t know the name, but I read a short notice about it on our company intranet.