[HFDlist] [Fwd: [MEC-tech] New Spam Email - Virus Warning]

Doug Nelson nelson at townofholden.net
Fri Oct 24 14:03:37 EDT 2008 

As always, be alert as to what you are opening or clicking on.

If you get something unsolicited from someone you do not know, don't open it, even if it 
looks like it might be real. You can always call here at 508-829-0283 and ask.

Our Sophos anti-virus should protect against this, but as the email explains, this is a 
changing, mutating virus which is harder to block. It is also imperative to please keep 
your systems updated to the latest versions of Windows software. This includes your home 
systems as well.


Thank you,

Doug

-- 
---------------------------------------------------------------
Douglas Nelson
Systems Administrator
Town of Holden
dnelson at townofholden.net
508-829-0283
---------------------------------------------------------------
http://www.townofholden.net/
http://www.townofholden.net/Pages/HoldenMA_IT/greenteam
---------------------------------------------------------------




-------- Original Message --------
Subject: 	[MEC-tech] New Spam Email - Virus Warning
Date: 	Fri, 24 Oct 2008 13:50:20 -0400
From: 	Annelyse Anderson <aanderson at meccorp.mec.edu>
To: 	<mecnet at mecnet.net>, <mec-tech at mecnet.net>



Dear MECnet Customers,



MECnet intercepted a new virus variant. The virus is known as
PAK_Generic.001 by Trend Micro, Backdoor.Win32.Haxdoor by Ikarus or as
Trojan:Win32/Emold.gen!C by Microsoft and multiple others. Unfortunately
the virus is constantly evolving requiring virus protection companies to
write additional virus definitions daily. MECnet blocks each variant as
a definition becomes available, so new variants may initially get
through. **Please be aware of these emails and do not open any
attachments you are not expecting and always scan with local virus
filters. *



*The emails are distributed with the subjects:*



Data request

Attached Statement

Statement January - October

Account data

Account information





*This is a sample of the content:*



Please take a look at the attached statement on your account. The
statement was issued today upon request, and your data has been
successfully altered.



Thank you for contacting us.

Sincerely,Gilda



or



Dear Valued Customer:



Your account ID: t.mario.flores



As requested, we are sending you this account report attached this mail
between 1/1/2008 and 10/1/2008.



At your service,

Aurelia Schneider



The attachment has the name “tatement_Jan-Oct.zip” and once extracted
has the document ”Statement_Jan-Oct.doc             .exe”. Naming can
vary when new variants are spread out. The spaces before .exe is a
common trick to fool people. It mostly appears as being a .doc file
while the actual file type is further in the file name.





Best Regards,



Annelyse Anderson
MECnet Help Desk Manager
Phone: 978-262-4000
Fax: 978-262-4100
Email: aanderson at meccorp.mec.edu <mailto:aanderson at meccorp.mec.edu>
http://support.mecnet.net <http://support.mecnet.net/>



*MECnet now offers E-mail Archiving - real-time archiving of all
delivered mail in its original format! *

*Contact MECnet Sales at sales at mecnet.net
<blocked::blocked::mailto:sales at mecnet.net> for more information.*

More information about the Firedept mailing list