Be careful of virus attack!

maoman · June 10, 2010, 4:28am

I’ve got seven e-mails in my inbox claiming to be from “forumosa.com support”. The “from” address reads as admin at forumosa, but there is a “reply to” address which reads muralistswi66@redwhitearmy.com. The e-mail is as follows:

[quote]Dear Customer,

This e-mail was send by forumosa.com to notify you that we have temporanly prevented access to your account.

We have reasons to beleive that your account may have been accessed by someone else. Please run attached file and Follow instructions.

They’ve attached a file, which of course remains unopened.

I did a little digging, and found out this:

[quote]Emails claiming that recipient’s accounts have been temporarily suspended are being seen around the world today, attempting to trick users into believing that their email account has been accessed by somebody else.

The spammed-out emails try to hoodwink users into running the attached file (Instructions.zip) which is, predictably, carrying a malicious payload.

Here’s what the emails look like:

Dear Customer,

This e-mail was send by example.com to notify you that we have temporanly prevented access to your account.

We have reasons to beleive that your account may have been accessed by someone else. Please run attached file and Follow instructions

(C) example.com

In an attempt to make the email more convincing, the attackers reference the domain name (for instance, example.com) used by the recipients’ email account in the emails they are spamming out.

Sophos detects the malicious attachment proactively as Mal/FakeAV-BT and Mal/BredoZp-B, but users of security products from other vendors would be wise to ensure that they are properly updated and protected.

The hackers are once again using a tried-and-trusted social engineering trick (in this case trying to fool you into believing that your account has been compromised) to lure you into the serious mistake of opening the attached file.

Wiser computer users should have learnt by now that you should always be extremely suspicious of unsolicited attachments.[/quote]

Forewarned is forearmed!

divea · June 10, 2010, 4:30am

No spam so far for me but thank you for the heads up!

maoman · June 10, 2010, 4:47am

So far all of the e-mails have been sent to addresses with forumosa.com as the domain name, but I’m not sure if they can move on past that. I just wanted to alert people to the potential danger - I know most of the people on Forumosa are already quite computer-savvy. This was just a reminder for the few that aren’t…

jimipresley · June 10, 2010, 4:48am

Thanks Boss.

teggs · June 10, 2010, 6:08am

I’ve got a few of these to one of my email address in which the domain name is also used for a website … didn’t open it either.

Chaon · June 11, 2010, 9:10am

Just to be on the safe side, you should all PM me your credit card numbers, with the expiration dates and verification codes. I will make robust security confirmation of your personal financial data.

jimipresley · June 11, 2010, 9:15am

That’s so nice of you, Mr Chaon! I don’t know how to PM, though. Can I just write that stuff here? Do you need my ATM pin numbers too?

Mother_Theresa · June 11, 2010, 9:35am

Filthy skanky disgusting virus. :raspberry: Use condoms, folks.

Chaon · June 11, 2010, 9:40am

Yes. Send me the ATM card and the pin by post so I can robust security confirmation your bank account.

jimipresley · June 11, 2010, 9:44am

Yes. Send me the ATM card and the pin by post so I can robust security confirmation your bank account.[/quote]
Will you please post your address and telephone numbers? I don’t know how to use the PM function. Also perhaps a photograph of yourself? Just so I can put a face to the name.