New virus warning

Fairlight fairlite at fairlite.com
Thu Apr 8 22:26:47 PDT 2004


In the relative spatial/temporal region of
Thu, Apr 08, 2004 at 08:38:10PM -0700, Bill Campbell achieved the spontaneous
generation of the following:
> 
> There have been a number of ``human engineering'' worms recently which
> attempt to get the recipient to manually unzip and execute a file, often
> password protected with the password in the body of the message.  These
> often appear to have come from your ISP including URLs to their web server.
> Close examination of Received: headers shows they don't come from the ISP.

I've seen one that supposedly came from IgLou.  It's hilarious, really,
because of both their stance on such things, and because the grammar was a
dead giveaway without even checking the headers.

> I don't know any legitimate ISPs that would send executables to their
> customers if there were problems.

Me either.

> Another common spam are the ``phishing'' messages that claim to be from
> your bank, paypal, or other financial institutions, and say that you need
> to confirm card or account data.

This is becoming more prevalent.  I've had a few from eBay and several from
PayPal.  I just forward them with full headers to spoof@[whichever] and let
them have fun.

> Some of these messages are fairly legitimate looking, and it's amazing how
> many people fall for them.

They're -very- well crafted, as apparently are the sites they lead to,
right down to the logos and graphics and layout.  eBay I believe I just saw
now has a toolbar for IE that will tell you when you're actually on an
official eBay site as opposed to a spoof.  I'm not sure how they do it, but
I'd bet it will be beaten fairly easily.  What's interesting is that unless
you look very carefully, some of these phishing ones are -so- well crafted,
they appear to actually have come from inside eBay or PayPal.  I saw one
where it actually seemed like it -was- officially from their site, and
could not figure out immediately how they achieved that level of forgery,
but it was impressive in the sophistication used.  A real giveaway though
is that they keep using the wrong name.  They're using the wrong email
addresses for PayPal, and wrong username for eBay.  I can tell it's 100%
USENET-harvested just by who they send to.

And is it me, or has spam gotten worse in the last 2 months?  My last few
MailBlock reports showed me 8200+, then 9100+, then 10600+, and yesterday I
just saw one that said 11800+ messages blocked in a 14-day period.  And
that -discounts- the ones that sneak through that my own software catches,
which is about another 5-10% on top of that.  Seems like spam is actually
increasing, not decreasing.

mark->
-- 
Bring the web-enabling power of OneGate to -your- filePro applications today!

Try the live filePro-based, OneGate-enabled demo at the following URL:
               http://www2.onnik.com/~fairlite/flfssindex.html
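
The Received: header check mentioned in the quoted message, as an added example that is not part of the original thread. The sample message, host names, and trusted-server set are constructed, and a Postfix/sendmail-style hop format (`from HELO (RDNS [IP]) by HOST`) is assumed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed Postfix/sendmail-style hop: from HELO (RDNS [IP]) by HOST
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)"
                 r"\s+by\s+(?P<by>\S+)")

# Constructed sample, not a message from the thread. isp.example is the
# claimed sender; the *.customer.example hosts are the recipient's own servers.
SAMPLE = (
    "Received: from mx.customer.example (mx.customer.example [198.51.100.2])\n"
    "\tby mail.customer.example with ESMTP; Thu, 8 Apr 2004 20:00:05 -0700\n"
    "Received: from mail.isp.example (unknown [203.0.113.45])\n"
    "\tby mx.customer.example with SMTP; Thu, 8 Apr 2004 20:00:03 -0700\n"
    "Received: from billing.isp.example (billing.isp.example [192.0.2.7])\n"
    "\tby mail.isp.example with ESMTP; Thu, 8 Apr 2004 20:00:01 -0700\n"
    "From: ISP Support <support@isp.example>\n"
    "Subject: Account problem\n"
    "\n"
    "Open the attached zip.\n"
)
TRUSTED = {"mail.customer.example", "mx.customer.example"}

def handoff_hop(raw, trusted=TRUSTED):
    """Return the hop where the message entered servers we control.

    Received headers are prepended, so read top down and stop at the first
    one not written by a trusted host: everything below it is sender-supplied.
    """
    entry = None
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m or m.group("by").lower() not in trusted:
            break
        entry = m.groupdict()
    return entry

def origin_mismatch(raw, trusted=TRUSTED):
    """True when the handing-off host's reverse DNS is outside the From: domain."""
    sender = parseaddr(message_from_string(raw).get("From", ""))[1]
    domain = sender.rpartition("@")[2].lower()
    hop = handoff_hop(raw, trusted)
    if hop is None or not domain:
        return True  # nothing verifiable: treat as unconfirmed
    rdns = hop["rdns"].lower()
    return not (rdns == domain or rdns.endswith("." + domain))

if __name__ == "__main__":
    print(handoff_hop(SAMPLE), origin_mismatch(SAMPLE))
```

A mismatch is a signal rather than proof, since legitimate senders sometimes relay through third-party hosts; the HELO name is ignored because the connecting host chooses it.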
