YAVT: Slick new virus: Sends zip with password in email

SendTrash

Platinum Member
Apr 18, 2000
2,581
0
76
I tried a search for "virus" and didn't find any relevant threads.

I just got two emails this morning and to me, at first they looked totally legit. The first one had the message of:

"Argh, i don't like the plaintext

..btw, "03388" is a password for archive"

On a second thought, it is obviously a virus, but it was coming from a girl, so I understood the smiley face, and I like plaintext, but I understand some people don't like it... and hey, a zip.. that's not a virus (yeah, stupid thinking)..

Then I got another email with a totally different message,

"I don't bite, weah!

password: 16672"

But this is obvious, whenever someone tells you they don't bite, they do (personal experience)

But I thought this was a slick virus because both the email title and message were different and the payload is in a zip, and regular AV scanners skip zip files right? Plus I thought the email message was tempting to make me open the attachment for a second.

Is there such a thing as YAVT = Yet Another Virus Thread?
 

BAMAVOO

Diamond Member
Oct 9, 1999
8,089
41
91
Seeing that here at work as well. Just had someone email me they received the two mails back to back.

I scanned them with Norton and it was clean? So I don't know if it is a virus, unless it is that new and not being caught yet.
 

JulesMaximus

No Lifer
Jul 3, 2003
74,472
867
126
I got 2 e-mails at home the other day with virus files attached. NAV quarantined them before I had a chance to see what they were.

I believe you can set NAV to scan zipped files.
 

Beau

Lifer
Jun 25, 2001
17,731
0
76
www.beauscott.com
Originally posted by: JulesMaximus
I got 2 e-mails at home the other day with virus files attached. NAV quarantined them before I had a chance to see what they were.

I believe you can set NAV to scan zipped files.

I don't think NAV or anything else can scan a password protected zipped file, most they could do is match the file size.
 

SendTrash

Platinum Member
Apr 18, 2000
2,581
0
76
Originally posted by: JulesMaximus
I got 2 e-mails at home the other day with virus files attached. NAV quarantined them before I had a chance to see what they were.

I believe you can set NAV to scan zipped files.

Wow, your Norton caught them already? My sophos AV is slow then.
 

OZEE

Senior member
Feb 23, 2001
985
0
0
AVG can be set to scan everything: Service > Test Settings > Test All Extensions... But you're right, it doesn't do it by default.
 

Daishiki

Golden Member
Nov 9, 2001
1,943
36
91
yea, my friend was saying how he got one of these yesterday.

and a passworded zip just can't be extracted without a password. you might be thinking of a file that is encrypted
 

CraigRT

Lifer
Jun 16, 2000
31,440
5
0
lots of new crap like this lately.. i get a lot of Netsky.D's in my inbox in the last 2 days.
 

JulesMaximus

No Lifer
Jul 3, 2003
74,472
867
126
Originally posted by: SendTrash
Originally posted by: JulesMaximus
I got 2 e-mails at home the other day with virus files attached. NAV quarantined them before I had a chance to see what they were.

I believe you can set NAV to scan zipped files.

Wow, your Norton caught them already? My sophos AV is slow then.

I don't know if the infected files I received are the same as the ones mentioned above. I haven't looked at them in detail yet. Just saying that I did get two the other day and that I thought you could set NAV to scan compressed files. The two statements were not necessarily related.
 

dabuddha

Lifer
Apr 10, 2000
19,579
17
81
Up at work, we started deleting zip file attachments. Yesterday alone, over 48,000 zip files were deleted apparently.
 

fonzinator

Senior member
Nov 5, 2002
953
0
0
I got this same virus today in my Yahoo email acct. It had a message posing as Yahoo system admins from "staff@yahoo.com". It was very deceptive. I'm sure MANY people will open this up and be hosed.
 

Grey

Platinum Member
Oct 14, 1999
2,737
2
81
Ditto, have received several versions of it but it's essentially this each time.
-------------------------

Subj: Warning about your e-mail account.
Date: Tue, 02 Mar 2004 23:19:41 -0500
From: noreply@njdevs.com
----------------------------------------------------------------
Hello user of Njdevs.com e-mail server,

We warn you about some attacks on your e-mail account. Your computer may
contain viruses, in order to keep your computer and e-mail account safe,
please, follow the instructions.

Advanced details can be found in attached file.

Attached file protected with the password for security reasons. Password is 45164.

Have a good day,
The Njdevs.com team http://www.njdevs.com


=============== Attachment ================
Readme.zip
 

deejayshakur

Platinum Member
Aug 7, 2000
2,585
0
0
Dear user of Ucla.edu gateway e-mail server,

Your e-mail account has been temporary disabled because of unauthorized access.

Further details can be obtained from attached file.

In order to read the attach you have to use the following password: 45536.

The Management,
The Ucla.edu team http://www.ucla.edu

tricky!
 

EagleKeeper

Discussion Club Moderator
Elite Member
Staff member
Oct 30, 2000
42,591
5
0
Received early this week an e-mail in Yahoo box that had an attachment with the extension .SIF

Did not recognize the sender or format. Sent a reply back asking for clarification and deleted the file.
Better be safe than sorry.
 

Brutuskend

Lifer
Apr 2, 2001
26,558
4
0
I've been getting a lot of emails lately with attachments.

When in doubt, I just delete them and add them to my spam filter.

Any mail from someone I don't know is "In doubt"
 

Crusty

Lifer
Sep 30, 2001
12,684
2
81
Dear user, the management of Utexas.edu mailing system wants to let you know that,

Some of our clients complained about the spam (negative e-mail content)
outgoing from your e-mail account. Probably, you have been infected by
a proxy-relay trojan server. In order to keep your computer safe,
follow the instructions.

For more information see the attached file.

Attached file protected with the password for security reasons. Password is 67627.

Best wishes,
The Utexas.edu team http://www.utexas.edu


_________________________________________________________

That's the email I got with a .zip... kinda odd that it came from UT acting as UT since I go to UT. Of course I didn't open it, Norton went nuts once the email arrived.
 

ndee

Lifer
Jul 18, 2000
12,680
1
0
ok guys, you can stop with the "Any mail from someone I don't know is "In doubt""-attitude. It can also come from someone you know cuz they fake the sender. You have to be suspicious about every "weird" email you get, doesn't matter if you know the person or not.
 

Brutuskend

Lifer
Apr 2, 2001
26,558
4
0
Originally posted by: ndee
ok guys, you can stop with the "Any mail from someone I don't know is "In doubt""-attitude. It can also come from someone you know cuz they fake the sender. You have to be suspicious about every "weird" email you get, doesn't matter if you know the person or not.

Well I also have Norton, so if I get anything from anyone it gets caught.
 

ndee

Lifer
Jul 18, 2000
12,680
1
0
Originally posted by: Brutuskend
Originally posted by: ndee
ok guys, you can stop with the "Any mail from someone I don't know is "In doubt""-attitude. It can also come from someone you know cuz they fake the sender. You have to be suspicious about every "weird" email you get, doesn't matter if you know the person or not.

Well I also have Norton, so if I get anything from anyone it gets caught.

I just went to the thread and your post just reminded me of some friends. "If... if... if it's an email from someone I don't know, I surely won't open it!"
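
One mail-gateway heuristic for the messages quoted in this thread (an added example, not part of any post): flag a ZIP attachment whose members carry the encrypted bit when the body also announces a short numeric password. The function names, the regex and the quarantine rule are assumptions; the sample message is constructed, and its archive holds only harmless text with the flag bit set by hand.

```python
import io
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumed heuristic: a 4-8 digit password announced before or after the word "password".
PASSWORD_HINT = re.compile(
    r'password\b[^0-9\n]{0,40}(\d{4,8})|(\d{4,8})"?\s+is\s+(?:a|the)\s+password', re.I)

def find_password(text):
    m = PASSWORD_HINT.search(text)
    return (m.group(1) or m.group(2)) if m else None

def encrypted_members(zip_bytes):
    """Names of members whose general-purpose flag bit 0 (encrypted) is set."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & 0x1]
    except zipfile.BadZipFile:
        return []

def triage(raw_message):
    """Inspect one RFC 5322 message (bytes) without extracting anything."""
    body, locked = [], []
    for part in message_from_bytes(raw_message).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if payload[:4] == b"PK\x03\x04":   # ZIP magic; do not trust the file name
            locked += encrypted_members(payload)
        elif part.get_content_type() == "text/plain":
            body.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    password = find_password("\n".join(body))
    return {"encrypted_members": locked, "password_in_body": password,
            "quarantine": bool(locked and password)}

def build_sample(encrypted):
    """Constructed test message; the archive holds harmless text only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("details.txt", "harmless placeholder")
    data = bytearray(buf.getvalue())
    if encrypted:  # set the encrypted flag in the central directory record
        data[data.index(b"PK\x01\x02") + 8] |= 0x1
    msg = EmailMessage()
    msg["Subject"] = "Warning about your e-mail account."
    msg.set_content("Attached file protected with the password.\nPassword is 45164.\n")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip", filename="Readme.zip")
    return msg.as_bytes()
```

The check reads only the archive's central directory, so it works without the password and never unpacks the payload.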
 