Virus News
Other sites with Virus Information
NOTE: There are STILL letters circulating about someone seeking/inheriting lots of cash (amounts vary) and asking for our help in getting it. These are HOAXES...do not reply to them, just delete them. Recently I had one that had my last name in it...they are getting clever!
Use anything found on the web at your own risk. WCNet takes no responsibility for items you may use or download.
WCNet Attacks!
There has been another series of Viruses going around. Many have attachments on them and have strange subjects and one or two word body messages. DO NOT open any of them, delete them out of your inbox and trash.
I received four emails stating they were from WCNet with various messages on them and with attachments. The WCNet administration and staff would NOT add attachments to ANY e-mail sent to clients.
Here are the body messages of these emails:
#1
Dear user, the management of Wcnet.org mailing system wants to let you know that,
Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.
For details see the attached file.
In order to read the attach you have to use the following password: 76421.
Have a good day,
The Wcnet.org team http://www.wcnet.org
They're pretty good, giving us the web page address and everything. DO NOT open any of these email attachments...delete them!
#2:
Dear user of Wcnet.org,
Your e-mail account will be disabled because of improper using in next
three days, if you are still wishing to use it, please, resign your
account information.
Pay attention on attached file.
Best wishes,
The Wcnet.org team http://www.wcnet.org
This one got my attention...but I still deleted it, especially since I had received three others.
#3:
Hello user of Wcnet.org e-mail server,
Our antivirus software has detected a large ammount of viruses outgoing
from your email account, you may use our free anti-virus tool to clean up
your computer software.
Pay attention on attached file.
Kind regards,
The Wcnet.org team http://www.wcnet.org
#4:
Hello user of Wcnet.org e-mail server,
Your e-mail account has been temporary disabled because of unauthorized access.
For details see the attach.
For security reasons attached file is password protected. The password is "68072".
The Management,
The Wcnet.org team http://www.wcnet.org
As you can see, each one refers to an attached file. I repeat...DO NOT open the files. Delete the messages! The files attached to my emails were .pif and .zip files. Actual file names were all different.
Service Providers Fraud
A virus-laden email has been circulating claiming to come from wcnet.org. This email demands that you open its attachment (actually the virus) or your Internet service will be terminated. Needless to say, this email is a fraud. Delete it from your computer, it is a virus.
WCNet would not send such a threatening email. We would contact any subscriber by US Post Office, never via this form of email.
WCNet works hard to block both spam and viruses. It is recommended that you also use virus protection software. The only absolute protection against viruses is to NEVER open (execute or run) an email attachment.
Again, this email changes service provider names. I received one at work for our service provider and they also sent out an email about this virus.
Do not open any attachments that you are unsure of. If in doubt, send an email or call the party from whom the email came. Remember, if unsure...delete the email from both your inbox and your trash/deleted items folder.
Banking Customers Fraud
HTML_CITIFRAUD.A is a non-destructive HTML virus that exploits an Internet Explorer (IE) vulnerability enabling a malicious user to spoof a Web site to obtain Citibank ATM/Debit card and PIN numbers of target users. To steal critical information it redirects affected users to a Web site that appears to be identical to the authentic Citibank Web site. It prompts target users to enter their ATM card number and PIN. It runs on systems supporting the Internet Explorer environment, and is still spreading in-the-wild.
I have also seen this virus with numerous bank names on it, so beware of any bank name using this format. Contact your bank directly if you have any questions of emails coming from them. DO NOT go to the web page and enter your card numbers if in any doubt.
There is a link to click and log into your "account."
By clicking the "Click Here to Login" button, the user is connected to a malicious Web site which looks identical to the genuine Citibank Web site, and prompts the user to provide their access codes and other credentials.
HTML viruses use scripts embedded in HTML files to do damage. These embedded scripts automatically execute, the moment the HTML page is viewed from a script-enabled browser.
If you would like to scan your computer for HTML_CITIFRAUD.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com
HTML_CITIFRAUD.A is detected and cleaned by Trend Micro pattern file #721 and above.
OTHER SITES WITH VIRUS INFORMATION
This newsletter is brought to you by the folks at WCNet.