The following are all examples of virii or the recent virus outbreak.
They are all examples of messages that should go in the "just delete"
classification.
March 16th: we've done a substantial update to the virus scanning
software and it's configuration. With this and virus signatures
which are updated every 2 hours, we should be blocking almost all
of these. Please keep us informed of anything getting through. -Tom
Dear user of e-mail server "Baremetal.com",
Our main mailing server will be temporary unavaible for next two days,
to continue receiving mail in these days you have to configure our free
auto-forwarding service.
Further details can be obtained from attached file.
For security reasons attached file is password protected. The password is
"66138".
Subject: Important notify about your e-mail account.
Dear user of "Example.com" mailing system,
Our antivirus software has detected a large ammount of viruses outgoing
from your email account, you may use our free anti-virus tool to clean up
your computer software.
For details see the attached file.
Attached file protected with the password for security reasons. Password is
66138.
Dear user of Baremetal.com,
Some of our clients complained about the spam (negative e-mail content)
outgoing from your e-mail account. Probably, you have been infected by
a proxy-relay trojan server. In order to keep your computer safe,
follow the instructions.
Advanced details can be found in attached file.
For security purposes the attached file is password protected. Password is
"11763".
Subject: BM-186230 Warning about your e-mail account.
Dear user of Baremetal.com gateway e-mail server,
Your e-mail account has been temporary disabled because of unauthorized access.
Please, read the attach for further details.
For security reasons attached file is password protected. The password is
"28350".
This one is a little different, but follows the same social
engineering pattern:
Dear user, the management of Example.ca mailing system wants to let
you know that,
Your e-mail account has been temporary disabled because of unauthorized
access.
For details see the attached file.
Hopefully that is enough to give you the idea, and you can recognize
similar but different messages. The most common thread is that
password "protected" zip files are being used to
hide the virus from the virus scanner.
-Baremetal
|