Frightening and from-friend viruses and spams

Archive - Originally posted on "The Horse's Mouth" - 2005-06-14 09:39:12 - Graham Ellis

Viruses and spam are getting more and more clever at getting through! The authors of these pieces of rogue software know that their victims are more likely to open emails that come from colleagues or - better - from their web administrator. It's very easy indeed to guess the account names for administrators, and also to harvest email addresses from web sites. It's also easy to send an email from one internet connection while pretending to be someone who has no link whatsoever with that connection.

Suggested action

Presume that all unsolicited emails that ask you to open something or validate an account are forged and are attacks. However, these attacks make it very hard for the real administrator to get through to you. If you think an email might be genuine, I suggest that you email the administrator by TYPING IN HIS EMAIL ADDRESS into your mail program and not by following a link in the email you have received (again, that may be forged).

DO NOT open any enclosures until you hear back.
DO NOT click on anything that looks like a link ... especially if it ends in .com - it could be a DOS executable program.

You might be wondering if spam and email filters and virus checkers can help you. To some extent they can - we've already got email filtering in place and yet a proportion of these things get through. The particular problem with the messages highlighted in this article is that they're designed to look as close as possible to the genuine article, so they're hard for filters to deal with. We do recommend a virus checker on your own system, and that you use the virus checkers / filters provided by the ISP from whom you download.

Example of a rogue email

Here (for example) is an email I received within the last hour ....

Dear user graham,

You have successfully updated the password of your Wellho account.

If you did not authorize this change or if you need assistance with your account, please contact Wellho customer service at: administrator@wellho.net

Thank you for using Wellho!
The Wellho Support Team

+++ Attachment: No Virus (Clean)
+++ Wellho Antivirus - www.wellho.net

<enclosure called email-password of 31k, type .zip>


"Clearly" from someone who doesn't know us, for example ...
- We're "Well House Consultants" not "wellho"
- We don't style ourselves as "support team"
- We don't actually have an "administrator" email address

And what would be the point in sending out an attachment to someone who's correctly updated their email anyway? Ah - it's an attempt to get the recipient to open the .zip file which will infect his computer!
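
The warning signs picked out above can also be checked mechanically. The following is an added example, not part of the original post: a Python sketch using the standard library `email` package on a constructed message modelled on the one quoted. The extension list, the phrase patterns and the `triage` function name are assumptions made for illustration.

```python
import re
from email import message_from_string

# Assumed list of risky extensions; .com is the DOS executable case the post warns about.
RISKY_EXT = (".zip", ".com", ".exe", ".scr", ".pif")
# A scan verdict written in the body is sender-controlled text, not a scan result.
CLEAN_CLAIM = re.compile(r"no virus|\(clean\)", re.I)
ACCOUNT_LURE = re.compile(r"password|validate your account", re.I)

# Constructed sample modelled on the email quoted in the post; attachment bytes are dummy.
SAMPLE = """\
From: administrator@wellho.net
Subject: Your password has been updated
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear user graham,
You have successfully updated the password of your Wellho account.
+++ Attachment: No Virus (Clean)
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="email-password.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--b1--
"""

def triage(raw):
    """Return the warning signs found in one raw message."""
    msg = message_from_string(raw)
    risky, body = [], ""
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            risky.append(name)
        elif not name and part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    findings = [f"risky attachment: {n}" for n in risky]
    if CLEAN_CLAIM.search(body):
        findings.append("body asserts its own virus-scan result")
    if risky and ACCOUNT_LURE.search(body + msg.get("Subject", "")):
        findings.append("account notice carrying an attachment")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

None of these checks looks at the From header, since the post's point is that the sender address can be forged.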