
Thread: Computer assistance please.....

  1. #1
    Join Date
    22nd October 2002 - 11:00
    Bike
    Sold
    Location
    Coromandel Town
    Posts
    4,409

    Computer assistance please.....

    This isn’t about bikes, but I know that there are some smart IT people out there who might have some useful comments.

    This week, my neighbour (and fellow biker) had an email purporting to be from Webmaster at Xtra saying that his email address had been used for bulk spam mailouts. A zipped file was attached for him to fill in, requiring an explanation for his “behaviour” and if he ignored it, his account would be terminated.

    The whole tone of the email was pretty aggressive and he wondered whether it was bogus, trying to trick him into opening the zip file which he wasn’t about to do. I’ve never come across anything like this before and I found another email address at Xtra for him to forward it to for comment. He hasn’t received a response yet.

    Anybody else have a similar experience or like to hazard a guess as to what is going on? My only thought is that it might be genuine and someone is illegally using his email address.

    Cheers

    Geoff

  2. #2
    Join Date
    1st April 2005 - 16:59
    Bike
    2004 krr zx150
    Location
    CHCH
    Posts
    480
    I would suggest not opening it, but at the same time contacting Xtra (by phone if it's going to be faster).

    As well as that, get some spyware scanning software like Ad-aware (free, just google it) and a virus scanner like AVG (again free) and do a complete scan of the computer with each. This should pick up any nasties.

  3. #3
    Join Date
    26th February 2005 - 15:10
    Bike
    Ubrfarter V Klunkn,ffwabbit,Petal,phoebe
    Location
    In the cave of Adullam
    Posts
    13,624
    Sounds dubious. Call the xtra help desk on 0800225598 and discuss it with them, tis free.
    Quote Originally Posted by skidmark
    This world has lost its drive, everybody just wants to fit in the be the norm as it were.
    Quote Originally Posted by Phil Vincent
    The manufacturers go to a lot of trouble to find out what the average rider prefers, because the maker who guesses closest to the average preference gets the largest sales. But the average rider is mainly interested in silly (as opposed to useful) “goodies” to try to kid the public that he is riding a racer

  4. #4
    Join Date
    13th January 2005 - 11:00
    Bike
    fire breathin ginja ninja
    Location
    Taka, Aucka
    Posts
    6,419
    I've had 4 emails like this all claiming to be from my ISP too.

    DO NOT OPEN THE ZIP FILE

    That's the last thing. The account won't be terminated. Won't be sold, won't be blah blah. This is a nasty hoax that's going around. If you open it, then you probably wreck everything ever to do with your PC for God knows how long. Just trash the email without even opening it.

    ISPs will never send you ZIP files etc in an email. If there was ever such a need, they would host the file on their server and give you a direct link to the page. In that instance, check the web address is still the place you clicked on, and that it hasn't changed.

    You've been warned.
    Throw it away, and ignore it. ISPs are over-run with this email virus at the moment, they really do know about it.

  5. #5
    Join Date
    31st May 2003 - 12:00
    Bike
    KTM Duke. Last ridden.....?
    Location
    Auckland
    Posts
    660
    How quickly can you say "Dodgy"?

  6. #6
    Join Date
    26th August 2004 - 17:13
    Bike
    None :(
    Location
    Dunedin
    Posts
    479
    I'd reckon it is bogus. If I get an email from someone I don't know asking me to open the attachment it goes straight in the bin regardless of how authentic it looks. It's more than likely a virus.

    In fact after a quick look at the xtra site came up with this:
    http://xtra.co.nz/help/0,,11741-4449528,00.html
    Mytob.DG AKA Mytob-CV Worm
    Date discovered: 5th June 2005

    How it spreads

    Mytob.DG is a mass-mailing worm with back door capabilities that uses its own SMTP mail engine to send itself to addresses it gathers from infected computers.

    Mytob.DG affects Windows 95, NT, 98, ME, 2000, Windows Server 2003, Windows XP.

    What it does

    * Mytob.DG copies itself as \System\We Love Lien Van de Kelder.exe

    * Alters the Windows registry.

    * Harvests email addresses from files on the infected computer.

    * Uses its own SMTP engine to send itself to the email addresses that it finds. The From: field varies and may be spoofed. In some cases the infected email may appear to come from an official looking email address like webmaster@xtra.co.nz and support@xtra.co.nz. The Subject: field is one of the following:

    Notice: **Last Warning**
    *DETECTED* Online User Violation
    Your Email Account is Suspended For Security Reasons
    Account Alert
    Important Notification
    *WARNING* Your Email Account Will Be Closed
    Security measures
    Email Account Suspension
    Notice of account limitation
    [random]

    * The message body is one of the following:

    Once you have completed the form in the attached file , your account records will not be interrupted and will continue as normal.

    The original message has been included as an attachment.

    We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached.

    We attached some important information regarding your account.

    Please read the attached document and follow it's instructions.

    * The attachment name is one of the following:

    email-info
    email-doc
    information
    account-details
    document
    INFO
    instructions
    info-text
    information
    [random]

    with one of the following as an extension:

    .pif
    .scr
    .exe
    .cmd
    .bat
    .zip

    * Opens a back door by connecting to the IRC server irc.blackcarder.net on TCP port 4512. The worm then listens for commands from remote hackers.

    * Blocks access to security-related Web sites by altering the hosts file.

    * Attempts to shut down running Windows processes and security related software.

    How to protect yourself:

    You can find detailed removal advice and removal tools from the following Website.

    * Symantec Web site

    There are several known variants of MyTob. The best way to protect yourself is to update your antivirus software and run a complete system scan. Also check that your system is patched to the latest Windows version by running Windows Update and that you are running a firewall.
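
The advisory quoted in the post above lists fixed subject lines, attachment names and extensions, which is enough for a mail-side check. The following is an added example, not part of the thread or of Xtra's advisory: it scores a raw message against those indicators and lists the members of a `.zip` attachment without extracting it. The function names and the sample message are constructed for illustration, and because the advisory also allows `[random]` subjects and names, the extension checks are the part that still applies when the fixed strings do not match.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from the advisory quoted in the post above, lower-cased.
SUBJECTS = {"notice: **last warning**", "*detected* online user violation",
            "your email account is suspended for security reasons", "account alert",
            "important notification", "*warning* your email account will be closed",
            "security measures", "email account suspension", "notice of account limitation"}
NAMES = {"email-info", "email-doc", "information", "account-details",
         "document", "info", "instructions", "info-text"}
EXEC_EXTS = {".pif", ".scr", ".exe", ".cmd", ".bat"}

def split_name(filename):  # -> (lower-cased base name, last extension with dot)
    base, dot, ext = filename.lower().rpartition(".")
    return (base, "." + ext) if dot else (ext, "")

def score_message(raw):
    """List which advisory indicators a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    hits = ["subject"] if subject in SUBJECTS else []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        base, ext = split_name(name)
        if base in NAMES:
            hits.append("attachment-name:" + name)
        if ext in EXEC_EXTS:
            hits.append("executable-attachment:" + name)
        elif ext == ".zip":  # read the member list only; nothing is extracted
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True) or b"")) as zf:
                    hits += ["executable-in-zip:" + m for m in zf.namelist()
                             if split_name(m)[1] in EXEC_EXTS]
            except zipfile.BadZipFile:
                hits.append("unreadable-zip:" + name)
    return hits

def build_sample():  # constructed message; the archive member is harmless text
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("account-details.scr", b"constructed placeholder")
    msg = EmailMessage()
    msg["From"], msg["To"] = "webmaster@xtra.co.nz", "user@example.invalid"
    msg["Subject"] = "*WARNING* Your Email Account Will Be Closed"
    msg.set_content("We attached some important information regarding your account.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="account-details.zip")
    return msg.as_bytes()
```

`score_message(build_sample())` reports the subject, the attachment name and the `.scr` member inside the archive; a message with none of these returns an empty list.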

  7. #7
    Join Date
    31st May 2003 - 12:00
    Bike
    KTM Duke. Last ridden.....?
    Location
    Auckland
    Posts
    660
    Jeez, 3 replies just as I was writing mine.... fast people about these parts!

  8. #8
    Join Date
    22nd October 2002 - 11:00
    Bike
    Sold
    Location
    Coromandel Town
    Posts
    4,409

    Thumbs up You're a great bunch of people

    Thanks so much for the input everyone - confirms my thoughts.

    I actually did some computer maintenance for him last weekend, putting SpyBot and Ad-Aware on his PC. They flushed out a whole load of stuff. Perhaps the damage had already been done. I had a peek at his system and his Norton package said that a firewall was enabled but maybe I'd be better off disabling it and putting on Zone Alarm for him.

  9. #9
    Join Date
    13th January 2005 - 11:00
    Bike
    fire breathin ginja ninja
    Location
    Taka, Aucka
    Posts
    6,419
    Easiest way to protect yourself from things like this is really really really easy. And I know I'll have some backing here:

    Buy an Apple Mac people!!

    see, now how easy was that?

  10. #10
    Join Date
    15th November 2004 - 12:53
    Bike
    97 Yamaha Virago
    Location
    North Island
    Posts
    4,711

    Cool

    Like the others have said....

    Do NOT open up the file..
    DELETE it straight away.

    Never open anything if you do not know and trust the sender.

    If in doubt send it to the xtra team.... they will reply back to you.

    helpdesk@xtra.co.nz
    or
    comments@xtra.co.nz

    These sorts of emails are HOAXes..

  11. #11
    Join Date
    12th May 2004 - 17:08
    Bike
    Buell Xb12x, SR500
    Location
    central auckland
    Posts
    1,006
    Quote Originally Posted by bugjuice
    Easiest way to protect yourself from things like this is really really really easy. And I know I'll have some backing here:

    Buy an Apple Mac people!!

    see, now how easy was that?
    ...what he said.
    I am Jack's complete lack of remorse .

  12. #12
    Join Date
    9th October 2003 - 11:00
    Bike
    None
    Location
    yes
    Posts
    14,591
    Blog Entries
    3
    Quote Originally Posted by bugjuice
    Easiest way to protect yourself from things like this is really really really easy. And I know I'll have some backing here:

    Buy an Apple Mac people!!

    see, now how easy was that?
    Macs aren't immune to viruses, and it is now vulnerable to the same suite of exploits as BSD.

    The ONLY reason Microsoft OSes get hit so hard is that it is the most "popular" OS, and therefore has a bigger range of tool sets for script weenies to package up a "virus". Once Apple migrate to an Intel CPU platform, the script kiddies will start on OSX (or whatever version of OS Apple is running).
    If a man is alone in the woods and there isn't a woke Hollywood around to call him racist, is he still white?



  13. #13
    Join Date
    13th January 2005 - 11:00
    Bike
    fire breathin ginja ninja
    Location
    Taka, Aucka
    Posts
    6,419
    Quote Originally Posted by Jim2
    Macs aren't immune to viruses, and it is now vulnerable to the same suite of exploits as BSD.

    The ONLY reason Microsoft OSes get hit so hard is that it is the most "popular" OS, and therefore has a bigger range of tool sets for script weenies to package up a "virus". Once Apple migrate to an Intel CPU platform, the script kiddies will start on OSX (or whatever version of OS Apple is running).
    didn't say they were immune. In fact, anyone with half a brain cell could write a very nasty one, very easily, just by using Applescript.

    But the logic is simple. Everyone hates M$, and M$ have a monstrous market share in the world. So bring down M$, you bring down the world.
    Have a go at Apple, and people don't like you. People like their macs, almost like a pet. Mine is a pet. I call mine Nananer..

    Just cos they're moving to MacIntel, doesn't make them any more vulnerable than they were before. Still Unix based OS with a prudy GUI on the front. The hardware isn't that irrelevant. You can't target a computer just cos the CPU is a specific brand

  14. #14
    Join Date
    12th May 2004 - 17:08
    Bike
    Buell Xb12x, SR500
    Location
    central auckland
    Posts
    1,006
    Quote Originally Posted by Jim2
    Macs aren't immune to viruses, and it is now vulnerable to the same suite of exploits as BSD.

    The ONLY reason Microsoft OSes get hit so hard is that it is the most "popular" OS, and therefore has a bigger range of tool sets for script weenies to package up a "virus". Once Apple migrate to an Intel CPU platform, the script kiddies will start on OSX (or whatever version of OS Apple is running).
    i'd be keen to hear your logic behind that, jim.
    why would scriptkiddies target macs more because the processor is an intel?
    mac os won't be running commercially on windows hardware - only apple hardware. apple have said they won't preclude an intel-mac owner running windows on the machine - but they won't be licensing macOS to run on non-apple manufactured hardware.

    ken newell
    MacOS Business Unit
    Microsoft NZ
    I am Jack's complete lack of remorse .

  15. #15
    Join Date
    13th January 2005 - 11:00
    Bike
    fire breathin ginja ninja
    Location
    Taka, Aucka
    Posts
    6,419
    Quote Originally Posted by Badcat
    i'd be keen to hear your logic behind that, jim.
    why would scriptkiddies target macs more because the processor is an intel?
    mac os won't be running commercially on windows hardware - only apple hardware. apple have said they won't preclude an intel-mac owner running windows on the machine - but they won't be licensing macOS to run on non-apple manufactured hardware.

    ken newell
    MacOS Business Unit
    Microsoft NZ
    eggsactry.
    besides, Mac OS can't run .exe files that most viruses are etc, and just wouldn't work, no matter what. Different scripting/coding cos it's a different OS.
    Itsa likea chalk anda meatballa..
