Solved

Suspiciously legitimate spam containing virus zip files

Posted on 2013-11-05
3
723 Views
Last Modified: 2013-11-05
Hi,

I have a client running a 2011SBS server for Exchange and File Sharing.  The server is protected by AVG Business antivirus which is up to date.

My client has emailed today saying that they are getting a suspicious number of spam emails coming in which seem to be clever enough to look like they are legitimate.  The examples given were:

We receive an email pretending to be a mobile phone bill from O2 when all our phones are from O2, we've received a mortgage completion statement from a company we deal with that was a virus in the zip file, we've had and an investment report from another company we have been dealing with containing a zip file with a virus.

Can anyone identify whether this is just pure co incidence or whether they feel something else is at play? I've run a company wide virus scan and nothing is picked up but it does seem a bit odd that some of these spam emails seem so relevant.  Does this ring any bells with anyone or is it just coincidence and something a decent spam filtering service can deal with?

Thanks
0
Comment
Question by:amlydiate
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39624691
There is a spam campaign that has been running for about a month that is very slick.
This blog posting explains more.

http://blog.mxlab.eu/2013/10/07/new-trojan-variant-comes-in-multiple-formats-from-the-sender-fraudaexp-com-and-servicescitibank-com/

The comments are also interesting, and it sounds like the group responsible may have increased their scope.

Simon.
0
 
LVL 22

Expert Comment

by:Nick Rhode
ID: 39624709
Typically I have an external spam filter or an internal one (like a barracuda) to deal with these spam emails.  It is a little random and spoofing with payment (bills), BBB, and USPS are all common tricks to inject the virus.  If you have a spam filter I would suggest bumping it up a little bit to hopefully snag them.
0
 

Author Closing Comment

by:amlydiate
ID: 39624727
Thanks Sembee, that article exactly matched my clients experience so looks like it's infected PC's elsewhere doing the damage.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question