I got a email virus from my school.

ScottyB

Diamond Member
Jan 28, 2002
6,677
1
0
I got an email from my school, "support@msu.edu" saying that a lot of viruses have been leaving my outbox, funny because it is web based and I can't send out from Outlook. They sent me an attachment saying:

Dear user of Msu.edu,

Our antivirus software has detected a large ammount of viruses outgoing
from your email account, you may use our free anti-virus tool to clean up
your computer software.

Advanced details can be found in attached file.

For security purposes the attached file is password protected. Password is "13787".

Cheers,
The Msu.edu team http://www.msu.edu


**
The file that they sent me was a virus.





 

iamme

Lifer
Jul 21, 2001
21,058
3
0
oh jeez....my sister goes to msu....i'll have to let her know about that one.
 

Electric Amish

Elite Member
Oct 11, 1999
23,578
1
0
It's not FROM the school. The email address was just spoofed.

We got those exact emails here at where I work as well.
 

ScottyB

Diamond Member
Jan 28, 2002
6,677
1
0
Originally posted by: iamme
oh jeez....my sister goes to msu....i'll have to let her know about that one.

I got the same one from a guy too:

barrysco@msu.edu
Hey, dude, it's me ^_^ :p
MsgInfo.zip (20kb)
Argh, i don't like the plaintext :)

..btw, "24807" is a password for archive


The one from fake MSU was Information.zip
 

Lotheron

Platinum Member
Oct 21, 2002
2,188
2
71
I got one from MY DOMAIN and I'm the only one using my domain. I do NOT have the virus myself, so HMMM? And I never get virus' as no real person usually sends me email, usually it's stuff I've signed up for or whatnot.

This one is weird.

Dear user of "Slasher2k.com" mailing system,

Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.

For details see the attached file.

Attached file protected with the password for security reasons. Password is 65727.

Best wishes,
The Slasher2k.com team http://www.slasher2k.com

^^ The file it sent me was the Beagle virus.. It's one of the same that Scotty got
 

Entity

Lifer
Oct 11, 1999
10,090
0
0
Originally posted by: Slasher2k
I got one from MY DOMAIN and I'm the only one using my domain. I do NOT have the virus myself, so HMMM? And I never get virus' as no real person usually sends me email, usually it's stuff I've signed up for or whatnot.

This one is weird.

Dear user of "Slasher2k.com" mailing system,

Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.

For details see the attached file.

Attached file protected with the password for security reasons. Password is 65727.

Best wishes,
The Slasher2k.com team http://www.slasher2k.com

^^ The file it sent me was the Beagle virus.. It's one of the same that Scotty got

Check the email header -- it's forged. Mine came from "management@geekfitness.com," which doesn't exist (I should know, since I'm the admin). Minendo posted earlier that it has been upgraded on the list of viruses...

Rob
 

I got an email from university of cincinnati saying that encrypted files sent via email will be suspended or something till further notice.
 

Entity

Lifer
Oct 11, 1999
10,090
0
0
Originally posted by: Phocas
I got an email from university of cincinnati saying that encrypted files sent via email will be suspended or something till further notice.

Yup, apparently it encrypts the attachment, so email scanners don't pick it up.

Rob
 

This is to notify you that, as a result of the current virus outbreak, and only as a temporary measure, UCit will be blocking
all email messages with encrypted attachments. Encrypted attachments may contain viruses but these viruses cannot be detected and cleaned by the anti-virus software. If you have questions regarding this matter, please send email to userhelp@email.uc.edu

Thank you.

UCit Email Services
^from school it dept^


Thanks for the heads up why....
 

ScottyB

Diamond Member
Jan 28, 2002
6,677
1
0
Originally posted by: Entity
Originally posted by: Phocas
I got an email from university of cincinnati saying that encrypted files sent via email will be suspended or something till further notice.

Yup, apparently it encrypts the attachment, so email scanners don't pick it up.

Rob

Mine picked it up.
 

BCYL

Diamond Member
Jun 7, 2000
7,803
0
71
It's an executable file compressed in a password-protected zip... Norton already updated their virus definitions to scan for this...

Just don't run the executable and you'll be fine...
 

amdskip

Lifer
Jan 6, 2001
22,530
13
81
Got the same thing here at Western Illinois University. Teachers are all freakin out as some of the emails say their account is being turned off for email.
 

deejayshakur

Platinum Member
Aug 7, 2000
2,584
0
0
gotta represent ucla again.

Dear user of Ucla.edu gateway e-mail server,
Your e-mail account has been temporary disabled because of unauthorized access.
Further details can be obtained from attached file.
In order to read the attach you have to use the following password: 45536.
The Management,
The Ucla.edu team http://www.ucla.edu
 

We got hit hard by that at UM - our email servers slowed to a crawl last night. Thank goodness for quick action on the part of the email server people. Within 1/5 hrs. of the first sign of the virus, they were blocking it at the gateway.
 

ElFenix

Elite Member
Super Moderator
Mar 20, 2000
102,352
8,443
126
Originally posted by: hdeck
Originally posted by: ElFenix
got that this afternoon on my utexas account

ive gotten like 20 from different ut accounts since friday.

well that was the first email that i even took a look at the body of the message... most i delete without even looking
 

Jzero

Lifer
Oct 10, 1999
18,834
1
0
I put the kibosh on encrypted zip attachments today, too. My boss thinks it's just temporary, but I've been in the info security business long enough and I'd bet good money that more and more viruses will come with encrypted zip payloads, so I'm just going to have to dump them.

 

Crusty

Lifer
Sep 30, 2001
12,684
2
81
Originally posted by: ElFenix
Originally posted by: hdeck
Originally posted by: ElFenix
got that this afternoon on my utexas account

ive gotten like 20 from different ut accounts since friday.

well that was the first email that i even took a look at the body of the message... most i delete without even looking

I've only gotten 2 from UT mail...hrmpf
 

DaWhim

Lifer
Feb 3, 2003
12,985
1
81
I would say the social engineering level upgraded. I almost fell for it when it says my emailbox will turn off. I would take extra caution to open it and check the website before. NAV caught that :)