SPAM FROM FRIENDS
A few days ago, you may have received a warning from us about a very prolific email virus spreading this week. We have now seen an increased number of issues across the internet and want to ensure that you are aware of the new email examples.
Background/How it Works
The virus is propagated by infecting a computer and stealing the user’s contact list. The virus is then sent from that person’s email address to every one of their contacts.
This is very dangerous because it will bypass all spam filters since they are known safe senders. The recipient also thinks it is safe because they trust the person sending the email. As of now, we have not seen any anti-virus package detect the virus before executing.
What to Look For (UPDATED)
The infected emails will come from your contacts. Likely, the person may be someone that you know and trust and email frequently. The email may even have your name in the body of the email in an attempt to personalize the message and persuade you to follow the link or open the attachment. So, how will you know? Here are some clues:
Zip Files
Zip files are becoming less common in email due to security issues. In fact, some of our clients do not allow their system to receive zip files for that reason. If the person sending you the file does not normally send zip files, do not open it. Call and ask if the file was actually sent by them.
Word or Excel Files
Harder to determine their safety, this one requires some investigation before opening. Were you expecting the file? Is it named something relevant to a topic that you are discussing or dealing with? Is the message personalized beyond your name?
Many times, MS Office will disable functions in the document and request consent from you. If you do mistakenly open the file, DO NOT allow active content in the file until you are sure that it is safe.
Links
A new variant that we have seen involves a link in the email body instead of an attachment.
For example,
Hey Nick
www.pgh-it.com (safe example link)
Christopher
Sent from my iPhone
It looks legit. As if someone sent it from their iPhone and was simply forwarding an interesting link.
In the real email that I received, it was not. Luckily, we have added security policy in place and any threat that this email would have posed made this threat easily identifiable before I was tempted to open it.
Another example that we have seen is a link that seems to be a Dropbox link. The email is branded and it seems to simply be a invitation to a folder in their Dropbox account. In reality, it is a link to a virus.
In this example, “Kindly view” is typical spammer language in addition to the “i attached to you” language. It just doesn’t seem right. Plus, I am not expecting a file from this person.
One click on this email and your PC is infected. Most likely, everyone of your email contacts will then get a similar email from you and the virus will continue working in your PC, doing whatever its mission entails i.e. spam advertising, data theft, etc.
What to Do
Educate others. Forward this email or make them aware of the threat.
In addition, there are methods and strategies to create a security policy that minimizes the risk of becoming a victim to this attack. If you do no have one in place or are not sure, we can help develop one for you.
If you have any questions or concerns, please contact PTM immediately.