Solved

Suspiciously legitimate spam containing virus zip files

Posted on 2013-11-05
Last Modified: 2013-11-05
Hi,

I have a client running a 2011SBS server for Exchange and File Sharing.  The server is protected by AVG Business antivirus which is up to date.

My client has emailed today saying that they are getting a suspicious number of spam emails coming in which seem to be clever enough to look like they are legitimate.  The examples given were:

We receive an email pretending to be a mobile phone bill from O2 when all our phones are from O2, we've received a mortgage completion statement from a company we deal with that was a virus in the zip file, we've had an investment report from another company we have been dealing with containing a zip file with a virus.

Can anyone identify whether this is just pure coincidence or whether they feel something else is at play? I've run a company-wide virus scan and nothing is picked up, but it does seem a bit odd that some of these spam emails seem so relevant. Does this ring any bells with anyone, or is it just coincidence and something a decent spam filtering service can deal with?

Thanks
Question by:amlydiate

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39624691
There is a spam campaign that has been running for about a month that is very slick.
This blog posting explains more.

http://blog.mxlab.eu/2013/10/07/new-trojan-variant-comes-in-multiple-formats-from-the-sender-fraudaexp-com-and-servicescitibank-com/

The comments are also interesting, and it sounds like the group responsible may have increased their scope.

Simon.

Expert Comment

by:Nick Rhode
ID: 39624709
Typically I have an external spam filter or an internal one (like a Barracuda) to deal with these spam emails. It is a little random and spoofing with payment (bills), BBB, and USPS are all common tricks to inject the virus. If you have a spam filter I would suggest bumping it up a little bit to hopefully snag them.

Author Closing Comment

by:amlydiate
ID: 39624727
Thanks Sembee, that article exactly matched my client's experience, so it looks like it's infected PCs elsewhere doing the damage.