Color me the purple-headed fool. I almost started panicking when I read this:
Took me about 10 whole seconds to realize that yahoo mail is a web-based service, which means that any sort of virus from my comp would not be able to have direct access to it (as opposed to an email client program like Outlook or Eudora), and that installing software to get rid of stuff on my computer would not have any effect on the Yahoo server where my account resides. Now I never had any intention of actually opening the attachment, but I was legitimately concerned for those 10 seconds. I must be getting dumber.
I bet those bastiches will find some hits with this attempt, though.
Oh, and I forgot to mention that it was from “support@yahoo.com”, which is about ten thousand times more convincing than the typical “Alicia@hotchicks.cum.org”. I know the From line email address can be fudged quite easily, but they sure got me, yer darn tootin’!
Our IT deptartment sent an email this morning warning everyone about that one. It apparently spoofs whatever mail server you’re using to fomulate the “from” line to look convincing.
Our company is entirely Mac-based, so most of these worms don’t affect/infect us. However, it pisses us off nontheless.
We use non-conventional usernames to cut down on general spam (so trying to send spam to “sales@ourdomain.com” will just get you added to our spam filters.)
Any e-mail coming from Management, Staff, Admin or any traditional username is laughably suspicious.
As soon as a message from “staff@ourdomain.com” showed up, everyone knew it was pure shit.
It was the Bagle virus/worm/whatever that said “due to e-mail misuse, the account would be terminated, blah, blah, blah”. Yeah, right. As if. Our office is so small that if anyone abused their e-mail use, I’d just reach over and smack 'em.
Everyone was indignant though because everyone thought this was a particularly scuzzy virus and were outraged on behalf of all those who could be duped.
We’re putting together a voo-doo doll. We are cursing the script-kiddie that put this shit together… Every time an inbox anywhere in the world receives this shit, the virus-author will be stung by a bee.
Now I’m going to have to worry that my mother will open this because the ‘adress was official’ or something like that. All her emails come from her friends sending her those ‘fwd. fwd. fwd.’ glurge crap, and she opens ALL her attachments. It’ll be likely she’ll download it unknowingly. When I told her not to open any attachmens except for images(please correct me if I’m wrong, but images cannot propogate viruses/worms/trojans?) and she replied, rather puzzled at such a concept, “My friends would never send me viruses!”.
The only problem is that some virus attachments look like this:
funny.jpg.exe
And some folks get confused.
My mom also gets horrible glurge. Luckily, my mom thinks it’s all perfectly awful and just deletes it. She knows not to download anything that she has not specifically requested (she does need the occasional Word doc or PDF).
And, being proactive, I got her a Mac and made sure she uses only web-based e-mail like Yahoo for extra screening.
Question- I ‘ve gotten an E-mail sent to my bulk folder on yahoo with an attachment. I’m not sure(might be a FoF) who its from and I’ wanna open it but I should probably just delete it. Does Yahoo scan for viruses, when I get stuff sent from friends the attachments open on their own would a virus also?
Your IT people apparently have a better grasp of English than ours. It’s not at all unusual to get an e-mail from them with more than a few typos and misspellings. From Yahoo, yes, I’d expect the spelling to be right, but note that it will spoof the addy of your ISP or company, too.
I admit, when I got a copy of this, I stared at that e-mail hard for about two seconds before realizing it was bogus . . . which makes it about ten times more convincing than most virus pitches.
Ooohh… I got this little bugger on a couple of my accounts from a website I work for. I had a moment of confusion where I wondered if it might be from our server owner, but they lost me with the signature. I head the suchandsuch.com team, I don’t get emails from it. The fact that the attachment is tiny cinched it.
This is one of the more clever viruses I’ve seen, though. A far cry from the “this is my game. I expect you would like it” and “teapot hammer orangutan swimming desklamp” crap I’m used to deleting on sight.
Yeah, this nasty little fucker actually had me wondering for a few seconds. I’d just received a legit email from the AIR mailing list saying “a virus-infected email was just sent out from this address [which was true]. Don’t open the attachment! We apologize for the inconvenience,” when this one arrived with the same address in the header.
I got the same thing, but realized it was fake pretty quickly. Any “official” mail about anything regarding that account goes to the email address - a hotmail address - that I used when registering the domain. It’s still really sneaky, though.
Especially when the second (real) extension is hidden, and all you see is the first (false) one!
That’s how I got hit by this damned new virus a couple of days ago. I received an email in my work inbox (which I only use for work purposes, so it never gets spammed); the “From” address was from a collegue at a local hopsital, and when I open the email in Eudora I saw an attachment was labeled summary.txt. I wasn’t expecting an attachment, but this person was someone who might have had a good reason to send me one, and .txt files almost never carry anything… so I clicked on it. The damed thing was really a .exe file camoflagued as a .txt file! Thank heavens my hospital’s IT department had just updated the antivirus software; McAffee quarentined the nasty little bugger before it could do any harm.
You don’t have to be an utter moron to fall for some of these viruses these days; a momentary lapse of suspicion is all it takes.
I got one too but spoofed as my ISP. Deleted that and the next one was the good ol’ standby from “eBay”. That one was simple. eBay doesn’t have that particular email address.
I can’t tell you how many folks that have tried to send me the Nesky and Beagle virus in the last week.
I almost fell for an eBay phishing scheme about a week ago because Snopes didn’t have an updated version of it. Fortunately, I was able to track down the proper address at eBay (spoof@ebay.com) for them to verify it. I wonder how many successful bites the phishers get by people who don’t bother to check on 'em.
It sounds like I was sent a similar email scam - I got an email purportedly from Yahoo Support telling me that Yahoo email would be down for the next couple of days, and I should download some crap because of it. I just deleted it - I didn’t even look at what I was supposed to be downloading. If it was legit, too bad - I’ve never had to download anything from Yahoo in the eight years I’ve been using their service.
It’s not at all unusual to get an e-mail from them with more than a few typos and misspellings. From Yahoo, yes, I’d expect the spelling to be right, but note that it will spoof the addy of your ISP or company, too.