Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

EMAIL WARNING - Malicious ZIP attachments increase

F-Secure is reporting a huge increase in dangerous ZIP file attachments. Multiple copies of malicious e-tickets and tracking statements have been received, and all copies should be deleted without opening any attachments or web links.

Malicious ZIP attachments increase in email
http://www.f-secure.com/weblog/archives/00001524.html

QUOTE: Over the last 48 hours we've seen a huge increase in zipped malicious email attachments being spammed. The subjects have been:

SUBJECT LINES TO AVOID
Your Tracking #xxxxxxxx (where xxxxxxx is a random number)
New Ticket #xxxxx (where xxxxx is a random number)
Accounts Operations Report
Your Statement between 1/1/08 and 10/30/08

QUOTE: The ZIP file typically contains a file that looks like a document (.DOC) but it is really an EXE, there's just a lot of whitespaces between .DOC and .EXE. Some of these ZIP files are protected by a password which makes it more likely to be allowed through an email server. The password is always in the email message so that a user can easily see it. Using email attachments has made a comeback in popularity amongst malware writers during the last few months. We detect this latest batch as variants of the Worm:W32/Autorun family.
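The naming trick described in the quote can be checked for without opening or extracting anything. The Python sketch below is an added example, not code from F-Secure or the original post: it lists a ZIP's member names and flags entries whose real extension is executable, whose name is padded with whitespace after a document-style extension, or which are password-protected. The function names, the extension lists and the sample file are assumptions made for this example.

```python
import io
import re
import zipfile

# Assumed, non-exhaustive lists chosen for this example.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".doc", ".pdf", ".xls", ".txt", ".jpg"}
PADDING_RUN = re.compile(r"\s{3,}")  # whitespace run that pushes the real extension out of view
ENCRYPTED_FLAG = 0x1                 # ZIP general-purpose flag bit 0: member is encrypted


def classify_member(name, flag_bits=0):
    """Return the reasons a ZIP member's name and flags look suspicious."""
    reasons = []
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    stem, dot, ext = base.rpartition(".")
    if (dot + ext).lower().strip() in EXECUTABLE_EXTS:
        reasons.append("executable")
        if PADDING_RUN.search(stem):
            reasons.append("whitespace-padding")
        # What the user sees once the padding is cut off, e.g. "e-ticket.doc"
        _, sep, shown = stem.rstrip().rpartition(".")
        if sep and "." + shown.lower() in DECOY_EXTS:
            reasons.append("double-extension")
    if flag_bits & ENCRYPTED_FLAG:
        reasons.append("encrypted")
    return reasons


def scan_zip(data):
    """Map each suspicious member of a ZIP (given as bytes) to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # infolist() reads the central directory only: nothing is extracted,
        # and with standard ZIP encryption the names stay readable without the password.
        for info in zf.infolist():
            reasons = classify_member(info.filename, info.flag_bits)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample():
    """Constructed sample: a harmless ZIP whose member name mimics the trick."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("e-ticket.doc" + " " * 40 + ".exe", b"placeholder text, not a program")
        zf.writestr("readme.txt", b"benign")
    return buf.getvalue()
```

A mail gateway or triage script can run the same checks on attachment bytes; an `encrypted` finding on its own is worth holding for review, since the content cannot be scanned.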

Comments

Pat said:

How can I clean this from my machines?  I have 2 pcs infected with this virus.  One of them we tried to restart and then tried to boot into safe mode but the Windows XP never finishes loading the desktop.  Any ideas?  Please HELP!!!

# October 31, 2008 8:12 AM

Harry Waldron said:

Hi Pat - On the right side of the site below, look for the section labeled "Free Protection and Removal Tools"

www.virusintel.com/tiki-index.php

If you can get online, try the "FREE ONLINE SCANNERS" like House Call which can be found at:

housecall.trendmicro.com

That will let you know what type of virus is found and you can go from there.  

# October 31, 2008 11:46 AM

G. Schrock said:

12-04-08

I received one of these little darlings this afternoon, From United States Postal Service (!), Subject blah blah, a big long number.  The e-mail warned me that the package I recently mailed had not been delivered due to an error in the recipient's address.  I was supposed to open the attachment (UPS_NO22.zip) and print it.  The message was amateurishly worded and not official-sounding at all, but I HAD recently sent a package (who hasn't at this time of year?), so I was hesitating when the Norton warned me that a virus (Hacktool.Rootkit) had been detected.  A few seconds later it indicated that the risk had been eliminated.  I jotted down the info to warn my friends and family about the e-mail and sent it on to digital oblivion.  

Thanks for the warning.  Hope this helps somebody.  

G.

# December 5, 2008 12:09 AM