Friday 23 June 2006
- Malicious e-mail update, I've got some time, A note to AOL users
Malicious e-mail update
Following the news on June 20th, I've done a little research and whilst the variant of the virus is new, the content used in the e-mail, actually appears to have been used for the same thing last year. As an addendum, I've just recently (a few minutes ago) received another of these - with a difference to the last report.
Whereas the e-mails I reported on last time, included a link to an infected file, this one seems to have returned to the same tactic as last year. This one includes an attatchment with the name "important-details.zip". The content is packed using NTPACKER and if executed, will infect the computer with the MyTob worm (big suprise there).
I cannot stress enough, if you receive e-mails claiming to have come from it-mate.co.uk and containing an attatchment, DELETE IT!. I DO NOT send e-mails with attatchments unless explicitly asked to do so (i.e. if you've not asked me to, it's not come from me). In addition, if the e-mail mentions or refers to verifying an account - DELETE IT!. The ONLY time you will EVER receive an e-mail from myself asking to verify an account, is immediately after registering for the newsletter and/or Intranet. You will NEVER receive e-mails asking for such AFTER you have registered.
Just as I was about to publish this, I received two more of these - both with differing subjects (though they are the same subjects used last year). Same infection as above. Guess whoever is running this years is also responsible for last year's run.
Interestingly, all of the one's I've received thus far, are originating from a MindSpring customer (user-0c8hh24.cable.mindspring.com - IP: 188.8.131.52). This means either the person running this machine, is infact responsible for sending these (doubtful but certainly possible) - or they've had their machine infected by the worm and haven't noticed yet (most likely). After a quick chat with an Earthlink (they own MindSpring) CSA, this persons machine will either be unable to continue doing this, or the user will be notified that their machine is infected.
WARNING: Virus infected e-mail claiming to come from Ur I.T. Mate Group
KBID# 26: [ALERT] E-mail claiming to come from Ur I.T. Mate Group
MyTob Removal Tools
BitDefender - antimytob-en.exe - 60K
Symantec - FixMyTob.exe - 174K
Sophos - mytobsfx.exe - 206K
I've got some time
It's unfortunately true folks. As of yesterday afternoon, I am once again faced with unemployment.
Though I shall refrain from going into details I was given the choice of being fired or resigning, so chose to resign. This however, is not necessarily all bad as it once again means I have more time to spend on web and software projects (though it's not even been 24 hours yet and I'm already hating unemployment).
A note to AOL users
I would like to drop a note to the AOL users that stop by here. Due to reasons known only to AOL (most likely being because I do not and will not, pay them for the privilege of sending mail to AOL accounts), I am no longer able to respond to queries where the return e-mail address, is from an AOL customer.
In cases such as this, I would ask AOL users wishing to contact me to please either use the ticket system, via the URL below, or use a non-AOL account (i.e. Hotmail, GMail, MSN).
<< Back to News