WARNING - Invoice email containes a virus!

[Lyte]

Howdy!

I just got this email at PC101's mail box...

Dear Customer,

Thank you for ordering from our internet shop. If you paid with a
credit card, the charge on your statement will be from name of our shop.

This email is to confirm the receipt of your order. Please do not
reply as this email was sent from our automated confirmation system.

Date : 06 Nov 2006 - 12:40
Order ID : 37679041

Payment by Credit card

Product : Quantity : Price
WJM-PSP - Sony VAIO SZ370 C2D T7200 : 1 : 2,449.99

Subtotal : 2,449.99
Shipping : 32.88
TOTAL : 2,482.87

Your Order Summary located in the attachment file (self-extracting
archive with "37679041.pdf" file ).

PDF (Portable Document Format) files are created by Adobe Acrobat
software and can be viewed with Adobe Acrobat Reader. If you do not already have this viewer configured on a local drive, you may download it for free from Adobe's Web site.

We will ship your order from the warehouse nearest to you that has your items in stock (NY, TN, UT & CA). We strive to ship all orders the same day, but please allow 24hrs for processing.

You will receive another email with tracking information soon.

We hope you enjoy your order! Thank you for shopping with us!

When I first saw this email I thought "OMG, someone must have gotten ahold of my credit card!" I scanned the PDF file ("self-extracting" gave me pause!) that was attached and found Infostealer.Snifula.B virus. This the first of this kind that I've seen so I thought I'd share! Be careful!

Lyte

[crafterz]

stupid phishers!!! i hate these kinds of people! Viruses are coming new every day.

[Dragon]

Quote:

stupid phishers!!! i hate these kinds of people! Viruses are coming new every day.

this isn't a phishing scheme.

this is a backdoor trojan designed to take any and all personal information (e.g. credit cards, passwords, bank account number, etc...) and send it to the creator. It is also a self propagating worm, it will use your email address book to send the same email to anyone in your address book, using it's own IP Proxy tha is packed with it.

This is a very dangerous virus, if you open it, you need to contact your credit card companies, your bank, and any other place that you may have listed in the computer.

[crafterz]

Thats phishing

Quote:

to send ruse e-mail with a link to a replica of an existing web page, designed to fool users into submitting personal, financial, or password information; to defraud someone using this method; also, to create a website replica for fooling unsuspecting Internet users into submitting personal or financial information or passwords

[Lyte]

Quote:

Originally Posted by Dragon

This is a very dangerous virus, if you open it, you need to contact your credit card companies, your bank, and any other place that you may have listed in the computer.

Well, I opened the email but not the PDF file. Am I still in trouble?!

Lyte

[crafterz]

no, they cant take any info from you, i think... What e-mail provider you use?

[Lyte]

Well, this was coming straight through PC101's server (hosting company) because it came to info.at.pc101.dot.com It didn't come through my yahoo account. So, someone snatched it off the site.

I've got the email addy from which it came but I'm sure it's either bogus or it's a legitimate site and the evil doer is just using their name as a cover.

Lyte

[Dragon]

Quote:

Originally Posted by Lyte

Well, I opened the email but not the PDF file. Am I still in trouble?!

Lyte

as long as the email is readable by bots they can get it. I encode all my email addresses on my site to confuse the bots.

your info is safe as long as you dont' open the PDF file.

[Lyte]

How would I go about encoding PC101's email??

I'm suddenly getting a LOT of spam. Grr!

Thanks!

Lyte

[Dragon]

as long as you are able to change the actual code, you can replace your email info with unicode.

you can go here and it will do it all for you.

just put your email address there in top box. click on convert and then copy and paste the new code from the lower box in place of what is there currently.

I don't know if this will work in the profiles of forum software or not.

to make this work it would be taking the information like the following line in your html

Code:

<h ref=:"mailto:you@yourserver.com">you@yourserver.com</a>

and replacing it with the unicode from that site as shown.

Code:

<a href="mailto:{place unicode here}>{place unicode here}</a>

the browser will make it look like but to the bots it will look like a bunch of garbage.

[Lyte]

Thanks Dragon,

I'll replace the code and give it a test. Thanks!

Lyte

[dr911]

Hey Lyte,

Next time you get these "phishing" scam e-mails......just forward them to:





These addresses are very important to cut down on "phishing scams".

[Lyte]

Doc, kewl... when I get home I'll see if I can't find that email addy. You know I got another at one of my yahoo emails!

Lyte