Solved

Suspiciously legitimate spam containing virus zip files

Posted on 2013-11-05
3
710 Views
Last Modified: 2013-11-05
Hi,

I have a client running a 2011SBS server for Exchange and File Sharing.  The server is protected by AVG Business antivirus which is up to date.

My client has emailed today saying that they are getting a suspicious number of spam emails coming in which seem to be clever enough to look like they are legitimate.  The examples given were:

We receive an email pretending to be a mobile phone bill from O2 when all our phones are from O2, we've received a mortgage completion statement from a company we deal with that was a virus in the zip file, we've had and an investment report from another company we have been dealing with containing a zip file with a virus.

Can anyone identify whether this is just pure co incidence or whether they feel something else is at play? I've run a company wide virus scan and nothing is picked up but it does seem a bit odd that some of these spam emails seem so relevant.  Does this ring any bells with anyone or is it just coincidence and something a decent spam filtering service can deal with?

Thanks
0
Comment
Question by:amlydiate
3 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
Comment Utility
There is a spam campaign that has been running for about a month that is very slick.
This blog posting explains more.

http://blog.mxlab.eu/2013/10/07/new-trojan-variant-comes-in-multiple-formats-from-the-sender-fraudaexp-com-and-servicescitibank-com/

The comments are also interesting, and it sounds like the group responsible may have increased their scope.

Simon.
0
 
LVL 22

Expert Comment

by:Nick Rhode
Comment Utility
Typically I have an external spam filter or an internal one (like a barracuda) to deal with these spam emails.  It is a little random and spoofing with payment (bills), BBB, and USPS are all common tricks to inject the virus.  If you have a spam filter I would suggest bumping it up a little bit to hopefully snag them.
0
 

Author Closing Comment

by:amlydiate
Comment Utility
Thanks Sembee, that article exactly matched my clients experience so looks like it's infected PC's elsewhere doing the damage.
0

Featured Post

Too many email signature changes to deal with?

Are you constantly being asked to update your organization's email signatures? Do they take up too much of your time? Wouldn't you love to be able to manage all signatures from one central location, easily design them and deploy them quickly to users. Well, you can!

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
how to add IIS SMTP to handle application/Scanner relays into office 365.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now