Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









Issue 97 - September 2009 - Page 4

Pages in this month's issue:
  1. Fake Happy Burger Day Red Robin Coupon
  2. ANZ Invalid Login Attempts Phishing Scam
  3. Mexican Largest Flower in the World Photo - Blooms Once Every Forty Years
  4. Mailbox Deactivated Trojan Email
  5. The Obama Phone - Free Cell Phones for Welfare Recipients
  6. Sachin Tendulkar And The Shell Shaped House
  7. First Communion on the Moon
  8. The Uno - Ben Gulak's Innovative Electric Motorbike
  9. Most Colourful River In The World Photographs
  10. Hyundai Chairman Charity Donation Scam
  11. Stopped The Train - Burning Train Bridge at Sharon Springs
  12. MSN 18 Contacts Hoax
  13. Facebook Password Reset Confirmation Trojan Email
  14. Microsoft Email Beta Test Hoax Continues
  15. Let's Say Thanks Website - Send a Card to a Soldier

Issue 97 Start Menu

Previous Article            Next Article

Mailbox Deactivated Trojan Email

Summary:
Email purporting to be from technical support claims that the recipient's mailbox has been deactivated and he or she must run an attached utility in order to restore email service (Full commentary below).



Status:
False - Attachment contains a malicious trojan

Example:(Received, November 2009)
From: automailer@[target domain name]
Subject: your mailbox has been deactivated


We are contacting you in regards to an unusual activity that was identified in your mailbox. As a result, your mailbox has been deactivated. To restore your mailbox, you are required to extract and run the attached mailbox utility.

Best regards, [target domain name] technical support.

[utility.zip attachment]



Commentary:
Malware emails that claim that the recipient's email account has been deactivated are currently being distributed. According to the message, unusual activity has been detected on the user's account and, as a result, his or her mailbox has been deactivated. The email instructs the recipient to extract and run an attached "mailbox utility", supposedly in order to restore their email service.

However, the email is not from the recipient's ISP or hosting company and the attachment does not contain a mailbox utility. In fact, those who fall for the ruse and open the attachment will install a copy of the Mal/EncPk-LP trojan.

The messages use fake sender addresses to make it appear that they originate with the user's service provider. For instance, if the recipient has the email address, usersname@example.com, the malware email will arrive with an address such as automailer@example.com and will also end with a line such as "best regards, example.com technical support".

By using the recipient's own domain name in the malware messages, the criminals responsible for the malware attack hope to fool more recipients into believing the bogus claims in the message and opening the attachment. Unfortunately, clever little tricks such as these still work well and are therefore regularly used by Internet criminals.

While a service provider may contact you via email if they have detected a problem with your email account, it is extremely unlikely that they would include any sort of utility, software patch or update as an email attachment. If you receive such an email, do not open any attachments or click on any links that come with the message. Remember that it is quite easy for criminals to make it appear that an email is legitimate by using fake "from" addresses, disguised links, and logos or other graphics stolen from the genuine company's website.

Bookmark and Share



References:
Your mailbox has NOT been deactivated
Abnormal Activity From Your IP Alert Email

Previous Article            Next Article

Issue 97 Start Menu

Pages in this month's issue:
  1. Fake Happy Burger Day Red Robin Coupon
  2. ANZ Invalid Login Attempts Phishing Scam
  3. Mexican Largest Flower in the World Photo - Blooms Once Every Forty Years
  4. Mailbox Deactivated Trojan Email
  5. The Obama Phone - Free Cell Phones for Welfare Recipients
  6. Sachin Tendulkar And The Shell Shaped House
  7. First Communion on the Moon
  8. The Uno - Ben Gulak's Innovative Electric Motorbike
  9. Most Colourful River In The World Photographs
  10. Hyundai Chairman Charity Donation Scam
  11. Stopped The Train - Burning Train Bridge at Sharon Springs
  12. MSN 18 Contacts Hoax
  13. Facebook Password Reset Confirmation Trojan Email
  14. Microsoft Email Beta Test Hoax Continues
  15. Let's Say Thanks Website - Send a Card to a Soldier