Heads Up !
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Heads Up !

  1. #1
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867

    Heads Up !

    Not sure if this is just being 'over-hyped', but I have seen a lot of alerts along this line over the past few days.

    The Canadian Cyber Incident Response Centre (CCIRC) has received reports of a new e-mail-based technique for spreading Trojan horse programs. Because of the nature of this technique, standard defensive measures such as anti-virus software and firewalls are not completely effective. As a result, the risk of critical infrastructure networks being compromised by attacks employing this technique is significant.

    The "From" address of the e-mail is spoofed, making it appear to come from a colleague or reliable third party organization;

    The subject line and text of the e-mails appear relevant to the recipient’s work, or may be copied from a previous legitimate e-mail; and

    The attachment name and type appear relevant to the text and to the recipient’s work
    Now I personally haven't run into anything related to this yet (has anyone seen this type of activity?) so I tend to believe this may be a bit of an over reaction but I could be wrong.

    Full Alert Message

    Cheers:
    DjM

  2. #2
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    I had two customers last weekend with this thing (which Avast categorized as Mytob): turns off AV (Norton in this case), and was caused by an email supposedly sent by Comcast (the customers' ISP). Both indeed seemed to have taken their subject line ("Comcast Administration: your account" or something) from other emails/data, and both of the messages were pretty convincing. Both had the trojan-infected attachment.

  3. #3
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Originally posted here by Negative
    I had two customers last weekend with this thing (which Avast categorized as Mytob): turns off AV (Norton in this case), and was caused by an email supposedly sent by Comcast (the customers' ISP). Both indeed seemed to have taken their subject line ("Comcast Administration: your account" or something) from other emails/data, and both of the messages were pretty convincing. Both had the trojan-infected attachment.
    I am not sure if this is related to the Mytob outbreak (what, there must be a couple of hundred versions of this one by now ), but I may be wrong. I guess it's how some of these agencies interpret the information they are receiving.

    Cheers:
    DjM

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I beleive you will find this to be a manifestation of this, (Top of the headilnes).

    [EDIT]

    The bastiges changed the main page right after I posted.....

    [/EDIT]
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #5
    Member
    Join Date
    Jun 2005
    Posts
    34
    Tiger Shark you're right. I've been watching this and what is unique is that it masquerades as something sent from your ISP saying that because of security reasons your accounts been locked and titles such as this. Enter trojan.
    to SYN, or not to SYN. That is the question. -Shakespeare?

  6. #6
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    had two customers last weekend with this thing (which Avast categorized as Mytob): turns off AV (Norton in this case), and was caused by an email supposedly sent by Comcast (the customers' ISP). Both indeed seemed to have taken their subject line ("Comcast Administration: your account" or something) from other emails/data, and both of the messages were pretty convincing. Both had the trojan-infected attachment
    I had a few customers infected with something very similar to this except this was on the BellSouth network both ADSL and Dial up. It came in as a Email with Attached Virus

    The email appears in the inbox with the subject line *DETECTED* Online
    User Violation. The email has an attached zip file. Came in German and English. Anyways I took care of the customers issue and informed the customer to report the incident to the Abuse Department for tracking. On a side note; I am surprised how many people got infected with this thing. I asked one customer and he stated "It said it was from Bellsouth so I downloaded it and ran it, Next thing I know my computer is acting really slow and not running right," lol.

  7. #7
    T̙͓̞̣̯ͦͭͅͅȂͧͭͧ̏̈͏̖̖Z̿ ͆̎̄
    Join Date
    Dec 2004
    Posts
    3,171
    Hi DjM,

    I'm sure it's not an over-reaction...our government never over-reacts or gets hyped-up over anything.

    Eg

  8. #8
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Originally posted here by Egaladeist
    Hi DjM,

    I'm sure it's not an over-reaction...our government never over-reacts or gets hyped-up over anything.

    Eg
    You have been drinking again, haven't you Egaladeit

    Cheers:
    DjM

  9. #9
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    last week after an apparent "brute-force" mailing attack the only account with a common type name, 'fran' for 'franchisse' had a message in its box with an attachment.

    the email was listed as comming from the administrator of my company stating that this person had sent out a mass mailing and her account was suspended until she replied. (although the ip addy was from an LA Calif ISP). last week an employee (VP) in that dept sent a message with a 2Mb pdf attached to 8000 people. it was not unsolicited mail but this big shot still was breaking policy and now has very limited rights

    the attachment was a zip file called important.document.zip and contained a file "important.document.htm <70 spaces> .exe

    now this sounds allot like netsky.p but symantec still doesn't see it as a virus.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  10. #10
    Banned
    Join Date
    Apr 2003
    Posts
    1,146
    Originally posted here by Tedob1
    ...
    the attachment was a zip file called important.document.zip and contained a file "important.document.htm <70 spaces> .exe

    now this sounds allot like netsky.p but symantec still doesn't see it as a virus.
    I saw some of those when they first started showing up (file size 57kb). I've been updating daily or twice daily and Symantec sees this as a Mytob-type worm now. Didn't right away, even though it uses the same methods and does the same types of activities in the registry as earlier Mytob worms.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •