?
Solved

Suspiciously legitimate spam containing virus zip files

Posted on 2013-11-05
3
Medium Priority
?
724 Views
Last Modified: 2013-11-05
Hi,

I have a client running a 2011SBS server for Exchange and File Sharing.  The server is protected by AVG Business antivirus which is up to date.

My client has emailed today saying that they are getting a suspicious number of spam emails coming in which seem to be clever enough to look like they are legitimate.  The examples given were:

We receive an email pretending to be a mobile phone bill from O2 when all our phones are from O2, we've received a mortgage completion statement from a company we deal with that was a virus in the zip file, we've had and an investment report from another company we have been dealing with containing a zip file with a virus.

Can anyone identify whether this is just pure co incidence or whether they feel something else is at play? I've run a company wide virus scan and nothing is picked up but it does seem a bit odd that some of these spam emails seem so relevant.  Does this ring any bells with anyone or is it just coincidence and something a decent spam filtering service can deal with?

Thanks
0
Comment
Question by:amlydiate
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 2000 total points
ID: 39624691
There is a spam campaign that has been running for about a month that is very slick.
This blog posting explains more.

http://blog.mxlab.eu/2013/10/07/new-trojan-variant-comes-in-multiple-formats-from-the-sender-fraudaexp-com-and-servicescitibank-com/

The comments are also interesting, and it sounds like the group responsible may have increased their scope.

Simon.
0
 
LVL 22

Expert Comment

by:Nick Rhode
ID: 39624709
Typically I have an external spam filter or an internal one (like a barracuda) to deal with these spam emails.  It is a little random and spoofing with payment (bills), BBB, and USPS are all common tricks to inject the virus.  If you have a spam filter I would suggest bumping it up a little bit to hopefully snag them.
0
 

Author Closing Comment

by:amlydiate
ID: 39624727
Thanks Sembee, that article exactly matched my clients experience so looks like it's infected PC's elsewhere doing the damage.
0

Featured Post

Enroll in August's Course of the Month

August's CompTIA IT Fundamentals course includes 19 hours of basic computer principle modules and prepares you for the certification exam. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Curious about the latest ransomware attack? Check out our timeline of events surrounding the spread of this new virus along with tips on how to mitigate the damage.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question