New virus alert info - E-mail package - Backdoor.Haxdoor.O

[ralphsulser]

This is a new virus alert posted by our IT Manager this morning:

Please read. If you get an email like this please delete immediately.

Threat Level: Category 3 - Moderate

Outbreak Type: Trojan Horse Protection Update.

On July 24, 2006 Symantec Security Response observed an increase in email activity through Symantec's Global Intelligence Network. The emails contain a message and or attachment about an online order supposedly placed by the recipient. These emails appear to come from a legitimate online retailer, but in fact the emails are coming from a malicious attacker. The message indicates that the attached file is the invoice for the order, but instead it contains a backdoor trojan, and if executed will compromise the user's computer.

Symantec Security Response has determined that these emails are variants of the Haxdoor backdoor trojan.

Virus definitions released on July 24, 2006 by Symantec will detect this threat as Backdoor.Haxdoor.O. Some variants of this threat may already be detected as Backdoor.Haxdoor.I. Symantec advises users to be suspicious of unexpected emails that contain attachments claiming to be from online retailers. Symantec will closely monitor this situation and will provide updates and security content as it becomes available.

 

[little__cee]

From the email I received this morning - in addition to what was already posted:


How does it affect me?

To reduce the possibility of being affected by security vulnerabilities, Symantec Security Response advises users to do the following:
1. Never open files contained in emails sent by those you don't know and trust
2. Regularly run Windows Update and install the latest security updates to keep software up to date.
3. Use an Internet security solution such as Norton Internet Security to protect against today's known and tomorrow's unknown threats

 

[JerryStem]

Are there people still opening attachments from unknown sources?? Still falling for the "Your PayPal/eBay/Bank/CreditCard account needs to be verified" notices??

I almost say they deserve it but that would be unfair. I'll bet my stepdad would fall for all of the above...

Jerry
(I email PayPal spoofs to PayPal almost daily)

 

[little__cee]

Wow - you email the spoofs? I do too! Thought I was the only one. I get at least one ebay spoof email per day and I send it to the spoof address that they have on their site.

Good to know I'm not the only one! Wow.

 

[Joe Hahn]

I, too, email those spoofs to the ebay and/or PayPal sites almost every day. It is nice to know that we are not alone.

 

[JerryStem]

Well, I guess I'll keep doing it then! Thought by now they'd seen them all..

Jerry

 

[Wes Bucey]

Well, I guess I'll keep doing it then! Thought by now they'd seen them all..

Jerry

I, also, forward the phishing attempts to paypal and ebay. I also get phishing attempts for dozens of banks and countless "Nigerian letters."

Alas, most of the banks do not have a mechanism to report spams and they certainly do not pursue the matter the way paypal, ebay, and aol do.

There is a government address to forward various spam

How do I report spam?

Is your e-mail inbox crowded with messages promising get-rich-quick schemes, vacation prizes or miracle diets? You can put a stop to unsolicited e-mail, also known as spam, by forwarding it to the Federal Trade Commission. The FTC will investigate the e-mails for possible law enforcement action. For an explanation of the top fraudulent spam, see this FTC statement. Forward any spam you receive to [email protected].

They don't respond like ebay and paypal with long letters stating the obvious -

not ours! don't give them info! If you did give them info, contact us and change your access data.

Of course, that doesn't do anything if you were foolish enough to give up SSN or credit card #.

I, as a "power internet user" had a big laugh at every spam or phishing attempt, but I know lots of newbies who might "bite" - heck, just think of how many friends you have that send you all the urban legends, thinking they are absolutely true and they are providing a public service by telling you!