Debunking email hoaxes and exposing Internet scams since 2003!











Mailbox Deactivated Trojan Email

Summary:
Email purporting to be from technical support claims that the recipient's mailbox has been deactivated and he or she must run an attached utility in order to restore email service (Full commentary below).



Status:
False - Attachment contains a malicious trojan

Example: (Received, November 2009)
From: automailer@[target domain name]
Subject: your mailbox has been deactivated


We are contacting you in regards to an unusual activity that was identified in your mailbox. As a result, your mailbox has been deactivated. To restore your mailbox, you are required to extract and run the attached mailbox utility.

Best regards, [target domain name] technical support.

[utility.zip attachment]



Commentary:
Malware emails that claim that the recipient's email account has been deactivated are currently being distributed. According to the message, unusual activity has been detected on the user's account and, as a result, his or her mailbox has been deactivated. The email instructs the recipient to extract and run an attached "mailbox utility", supposedly in order to restore their email service.

However, the email is not from the recipient's ISP or hosting company and the attachment does not contain a mailbox utility. In fact, those who fall for the ruse and open the attachment will install a copy of the Mal/EncPk-LP trojan.

The messages use fake sender addresses to make it appear that they originate with the user's service provider. For instance, if the recipient has the email address usersname@example.com, the malware email will arrive with an address such as automailer@example.com and will also end with a line such as "best regards, example.com technical support".

By using the recipient's own domain name in the malware messages, the criminals responsible for the malware attack hope to fool more recipients into believing the bogus claims in the message and opening the attachment. Unfortunately, clever little tricks such as these still work well and are therefore regularly used by Internet criminals.

While a service provider may contact you via email if they have detected a problem with your email account, it is extremely unlikely that they would include any sort of utility, software patch or update as an email attachment. If you receive such an email, do not open any attachments or click on any links that come with the message. Remember that it is quite easy for criminals to make it appear that an email is legitimate by using fake "from" addresses, disguised links, and logos or other graphics stolen from the genuine company's website.
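For mail administrators, the two traits described above (a sender address borrowing the recipient's own domain, and a zip attachment holding a program to run) can be checked at the gateway. The following is an added example, not part of the original article; the `from_own_servers` flag, the extension list and the archive member name `utility.exe` are assumptions made for illustration, and the sample message is constructed with inert contents.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

RISKY_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")  # assumed list

def build_sample(sender="automailer@example.com", with_zip=True) -> bytes:
    """Constructed test message shaped like the quoted email; the zip holds inert bytes."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, "usersname@example.com"
    msg["Subject"] = "your mailbox has been deactivated"
    msg.set_content("To restore your mailbox, extract and run the attached utility.")
    if with_zip:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("utility.exe", b"inert placeholder, not a program")
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="zip", filename="utility.zip")
    return msg.as_bytes()

def domain_of(header) -> str:
    """Lower-cased domain of the address in a From/To header ('' if absent)."""
    return parseaddr(str(header or ""))[1].rpartition("@")[2].lower()

def risky_zip_members(msg) -> list:
    """Executable-type file names found inside zip attachments."""
    found = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    found += [n for n in zf.namelist() if n.lower().endswith(RISKY_EXT)]
            except zipfile.BadZipFile:
                found.append(name + " (unreadable archive)")
    return found

def assess(raw: bytes, from_own_servers: bool = False) -> list:
    """Reasons to quarantine; from_own_servers is an assumed gateway-supplied input."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    sender, rcpt = domain_of(msg["From"]), domain_of(msg["To"])
    if sender and sender == rcpt and not from_own_servers:
        reasons.append("From uses the recipient's own domain but came from outside")
    members = risky_zip_members(msg)
    if members:
        reasons.append("zip attachment contains executable: " + ", ".join(members))
    return reasons
```

Calling `assess(build_sample())` returns both reasons for the constructed message; a gateway would pass `from_own_servers=True` only for mail that entered through the organisation's own servers.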





Last updated: 18th November 2009
First published: 18th November 2009

Write-up by Brett M. Christensen
