Here's what has been received by many users today, but I substituted my domain with "TechIMO":
Quote:
Dear user of "TECHIMO.com" mailing system,
Our main mailing server will be temporary unavaible for next two days, to continue receiving mail in these days you have to configure our free auto-forwarding service.
Pay attention on attached file.
For security reasons attached file is password protected. The password is "81828".
Kind regards,
The TechIMO.com team http://www.TECHIMO.com
Another variant of the same message:
Quote:
Dear user, the management of Techimo.com mailing system wants to let you know that,
We warn you about some attacks on your e-mail account. Your computer may contain viruses, in order to keep your computer and e-mail account safe, please, follow the instructions.
Advanced details can be found in attached file.
In order to read the attach you have to use the following password: 01358.
Sincerely,
The Techimo.com team http://www.techimo.com
Notes:
* This came with an attached passworded ZIP file that contained an exe and pif infected with the Bagle virus/worm.
* The From address was Administrator@TechIMO.com (again, I substituted the actual domain name).
With the passworded ZIP, it will bypass many email gateway scanners and make it to your desktop email client.
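
An added example, not part of the original post: a gateway cannot scan the contents of a passworded ZIP, but classic ZIP encryption leaves the member names and the "encrypted" flag readable, so the attachment can still be flagged without the password. The function names, the extension list and the password pattern below are assumptions made for this sketch, and the sample archive is constructed and harmless.

```python
import io
import re
import zipfile

# Assumed blocklist of executable extensions (the post mentions exe and pif).
RISKY_EXT = (".exe", ".pif", ".scr", ".com", ".bat", ".cmd")
# Assumed pattern: the word "password" followed closely by a short numeric code.
PASSWORD_HINT = re.compile(r"password\b[^0-9]{0,40}(\d{4,8})", re.I)


def inspect_attachment(zip_bytes, body):
    """Flag encrypted ZIP members with executable names, without decrypting."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():  # reads the central directory only
            encrypted = bool(info.flag_bits & 0x1)  # general-purpose flag bit 0
            risky = info.filename.lower().endswith(RISKY_EXT)
            if encrypted and risky:
                findings.append(info.filename)
    hint = PASSWORD_HINT.search(body)
    return {
        "encrypted_executables": findings,
        "password_in_body": hint.group(1) if hint else None,
        "quarantine": bool(findings),
    }


def constructed_sample():
    """Build a harmless ZIP, then set the 'encrypted' flag bit by hand.

    Python's zipfile cannot write encrypted archives, so the flag is patched
    in the local (offset 6) and central directory (offset 8) headers.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("details.exe"), b"constructed placeholder")
        zf.writestr(zipfile.ZipInfo("readme.txt"), b"constructed placeholder")
    raw = bytearray(buf.getvalue())
    for signature, flag_offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = raw.find(signature)
        while pos != -1:
            raw[pos + flag_offset] |= 0x01
            pos = raw.find(signature, pos + 4)
    return bytes(raw)
```

An encrypted archive carrying an executable name, together with a message body that supplies the password, is a combination a gateway can quarantine on even though the payload itself stays unreadable.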