  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 641

Fake Emails with Attachments

For the past two days I've been getting some really weird emails. They're "from" all different email addresses but the content is always the same. There are three different emails I get:

1. The subject line is either "Re:" or "FwD:" (with the 'D' capitalized) or "FwD: Re:" and this is the body text:

------------------------------
ok ok ok,,,,, here is it



*** Server-AntiVirus: No Virus (Clean)
*** "YAHOO" Anti-Virus
*** http://www.yahoo.com
------------------------------

There is also an attachment on every one of these emails that's called "our_secret.zip" and it's 52k.


2. The second type of email I get says something to the effect that my email was blocked in the subject line. Sometimes it'll say "MAILER-DAEMON: Delivery Failure," "Your email was blocked" or just "mailing error." This is the body text:

------------------------------
This is an automatically generated E-Mail Delivery Status Notification.

Mail-Header, Mail-Body and Error Description are attached


*** AntiVirus: No Virus found
*** "YAHOO" Anti-Virus
*** http://www.yahoo.com
------------------------------

There's a file attached to this one called "error_mail_info.zip" (52k).


3. The third kind of weird email I get says something like "Your Password" or "Registration Confirmation" in the subject line and the body text always has a link in it but to a different website each time. Here's the body text:

------------------------------
Account and Password Information are attached!

Visit: http://www.advanta.com



*** Attachment-Scanner: Status OK
*** "YAHOO" Anti-Virus
*** http://www.yahoo.com
------------------------------

And there's a file attached to this one called "account_info_text.zip".


Can you tell me what the heck is going on with my email? It's so weird that I get these three specific types of emails. They're ALWAYS the same. The only things that change are the addresses they are apparently from and the link in the "Registration Confirmation" email.

I have a Yahoo email account and these emails ended up in my Bulk Folder. At least Yahoo filtered them out for me. And if that didn't work, I have Norton Anti-Spam also hooked up to this account and I'm sure that would have nabbed 'em. But I still want to know what's going on. Why all of a sudden am I getting attacked like this? I set up three filters to block each email based on the text in the body. And since I set up those filters it has detected every one of these emails because one of these lines is ALWAYS present in the email:

1.      “ok ok ok,,,,, here is it”
2.      “Account and Password Information are attached”
3.      “Mail-Header, Mail-Body and Error Description are attached”

The worst part of this whole ordeal is .... some of the email addresses that these emails come from are the personal email addresses of people I actually know! I thought that maybe someone hacked my AddressBook in Yahoo! But I don't even have these persons' addresses saved in my address book! How then am I getting fake emails from people I know? Is someone else hacking THEIR email accounts?

It’s not such a big deal ‘cause all my Spam filtering is weeding this stuff out, but I just want to know why this is happening. And how. I tried looking up these emails on Google but nothing came up. Am I the only person with the SPECIFIC problem? Is this some new scam? Is there any information posted on the internet where I can find out more info on this? To whom can I send these emails for investigation? I can decipher some things myself by looking at the full headers but I can’t tell much. I’m sure an expert could. Where is one so I can pick his brain?

David
Asked by: yipperoo
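The body-text filters described in the question, written out as an added example that is not part of the original post: it matches the three fixed body lines and the three attachment names quoted above and ignores the sender address, which changes on every message. The function names `classify` and `build_sample` are hypothetical, and the sample messages are constructed with inert placeholder attachments.

```python
import email
from email import policy
from email.message import EmailMessage

# Fixed body lines and attachment names quoted in the question above.
BODY_MARKERS = (
    "ok ok ok,,,,, here is it",
    "Account and Password Information are attached",
    "Mail-Header, Mail-Body and Error Description are attached",
)
ATTACHMENT_NAMES = {"our_secret.zip", "error_mail_info.zip", "account_info_text.zip"}


def classify(raw: bytes) -> dict:
    """Return which indicators from the question a raw RFC 5322 message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body_part = msg.get_body(preferencelist=("plain", "html"))
    text = body_part.get_content() if body_part else ""
    # Collapse whitespace so line wrapping in transit cannot split a marker.
    flat = " ".join(text.split()).lower()
    markers = [m for m in BODY_MARKERS if m.lower() in flat]
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    known = [n for n in names if n in ATTACHMENT_NAMES]
    other_zip = [n for n in names if n.endswith(".zip") and n not in ATTACHMENT_NAMES]
    return {
        "body_markers": markers,
        "known_attachments": known,
        "other_zip": other_zip,
        # The From address is deliberately not used: it differs on every message.
        "quarantine": bool(markers or known),
    }


def build_sample(sender, subject, body, attachment=None) -> bytes:
    """Construct a test message; the attachment bytes are an inert placeholder."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "david@example.com", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="zip", filename=attachment)
    return m.as_bytes()
```
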
1 Solution
 
Lee W, MVP, Technology and Business Process Advisor, commented:
This is a new variant of an existing virus.  Reference:
http://vil.nai.com/vil/content/v_133409.htm
 
blue_zee commented:

As you guessed and leew posted, those emails contain virus attachments and any good AV scanner would have deleted them on arrival.

Try Avast Home Edition (free):

http://www.avast.com/eng/programs.html

Regarding the "known" email addresses, that is called spoofing and is explained here in good detail:

http://www.cert.org/tech_tips/email_spoofing.html

Anyway, you know the rules on email attachments...
;-)

Zee
 
einsteinjr79 commented:
Try the following:

1) Uninstall Zone Alarm
2) Install a different browser (like abrowser)
3) Run an online scan, say (Panda, RAV antivirus etc.), or run the trial version of NOD32 downloaded module.
4) Also run the browser security test by Scannit.
5) If the antivirus cannot remove the virus, note the name, boot into safe mode and manually delete the files.
6) After that, run the AntiVirus again (online as well).

regards,

Einy
 
einsteinjr79 commented:
Sorry guys,
 the above posting was meant for another question

 apologise for the inconvenience.

Regards,

Einy
 
blue_zee commented:
Quote.

 Sorry guys,
 the above posting was meant for another question

 apologise for the inconvenience.

Unquote.

Must be a joke.

Zee