
June 20, 2005

Web Site News - Very Tacky Spam Virus

by Bruce the Human Pet

Here at Conservative Cat, we average about 40 to 50 incoming virus emails per day. All are variations of the Sober virus formula: the virus masquerades as an attachment to an EMAIL about a problem with your online account. The message subject ranges from a blaring DETECTED ONLINE USER VIOLATION to a slightly more subtle Your password has been successfully updated.

These viruses are mutating quickly, and some of them were not detected by Norton Anti-Virus. They are easily identified, however, if you know what to look for: the attachment is a ZIP file, and inside the ZIP is a single file that looks like an HTML or text file, but is in fact an executable or script of some sort. The true nature of the file is disguised by putting so many spaces into the file name that the extension disappears (see the image below).

[Image: EvilFileName.gif]
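A check for the file-name trick described above, as an added example that is not part of the original post: it flags ZIP members whose names push an executable extension out of view with a run of spaces, and generalizes slightly to a decoy extension placed directly before the real one. The extension lists, the five-space threshold, and the sample file names are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Extensions Windows runs or hands to a script host (assumed list, not from the post).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
# Harmless-looking extensions a lure pretends to have (assumed list).
DECOY_EXTS = {".txt", ".htm", ".html", ".doc", ".pdf"}
# A whitespace run long enough to push the real extension out of view (assumed threshold).
PADDING = re.compile(r"\s{5,}")


def suspicious_members(zip_bytes):
    """Return (name, reason) for each member whose name hides an executable extension."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for name in archive.namelist():
            base = name.rsplit("/", 1)[-1]           # ignore any directory part
            stem, dot, ext = base.rpartition(".")    # split on the LAST dot only
            real_ext = (dot + ext).lower().strip()
            if real_ext not in EXECUTABLE_EXTS:
                continue
            if PADDING.search(stem):
                findings.append((name, "whitespace padding before executable extension"))
            elif any(stem.lower().rstrip().endswith(d) for d in DECOY_EXTS):
                findings.append((name, "decoy extension before executable extension"))
    return findings


def build_sample(member_name):
    """Build a constructed in-memory ZIP holding one harmless text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, "constructed sample, not malware")
    return buf.getvalue()


if __name__ == "__main__":
    padded = "account_info.txt" + " " * 60 + ".pif"  # constructed name
    for sample in (padded, "readme.txt", "notes.htm.exe"):
        print(repr(sample[:24]), suspicious_members(build_sample(sample)))
```

The function only reads the archive's directory listing and never extracts or opens the member itself.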

This technique is designed for customers of fairly large domains: the virus generates common email addresses and sends them out en masse. In a small domain like ours, we get messages addressed to "bob@conservativecat.com", "dave@conservativecat.com", and so forth all piling up in the webmaster's inbox.

The content of the EMAIL is particularly galling.

Dear user smith,

You have successfully updated the password of your Conservativecat account.

If you did not authorize this change or if you need assistance with your account, please contact Conservativecat customer service at: service@conservativecat.com

Thank you for using Conservativecat! The Conservativecat Support Team

+++ Attachment: No Virus (Clean)
+++ Conservativecat Antivirus - www.conservativecat.com

I still can't believe people work so hard in the pursuit of pointless vandalism.

Please be careful. Your anti-virus protection software is not keeping ahead of this virus and its relatives, so you have to know to ignore these emails. If the virus deploys on your system, you can find removal tools here. While you're at it, talk to your Congressman about minimum 10-year prison sentences for hackers.


# At Mon 9:49 PM

Comments

This is why blackholing/bouncing emails that go to non-existent addresses on your server (assuming you have control over it) works pretty well... This is also why I use spam accounts flagrantly... ;) Just a few thoughts.


Posted by: Linoge at June 21, 2005 6:32 PM

We use Spam Assassin on the server, and it hasn't yet caught up with this new breed of nasty. We're more concerned, however, with the fact that there are viruses out there that the anti-virus programs don't detect. The most common searches that bring people to this site are queries about EMAIL viruses, so I like for Bruce to keep people informed about new threats.


Posted by: Ferdy at June 22, 2005 12:14 AM

I just received one of these e-mails on one of my Yahoo accounts. Thanks for the heads up.


Posted by: Howard at June 22, 2005 6:54 PM
