New Spam or Virus attack on Outlook 2003
Updated: 21 May 2010 | 7 comments
Anyone having this problem?
Started today at 0900 Arizona time
Outlook receives a message stating:
"We are contacting you in regards to an unusual activity that was identified in your mailbox. As a result, you mailbox has been deactivated. To restore your mailbox, you are required to extract and run the attached mailbox utility."
Best regards, {domain}.com tachnical support.
The attachment is utility.zip
Thanks
Comments
The utility that you would have received would have been quarantined. IT IS A SPAM. Please delete that and ignore it.
Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)
The first two workstations (SAV 10.0.1.1000 clients) that reported the problem had no indication from SAV that a file had been quarantined or blocked.
Virus definitions are 11/15/2009 Rev. 2
The users had not clicked on the attachment to open it.
We are beginning to be flooded. The spam uses multiple from addresses with our domain name appended to it.
Yes, we received the same emails here in California.
Do as Prachand stated and delete the message.
Best,
Thomas
That seems to be a BIG SPAM. Even we received the same in Pune.
Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)
Ireland Too
That spam's been seen here in Dublin as well. The attachment is being detected and removed by SAV, SEP, SMSMSE and other Symantec products, so users of the above with current definitions are safe.
BTW--- I strongly encourage anyone on any version of SAV earlier than 10.1 MR9 to upgrade to this latest version. There are hundreds of fixes, enhancements and improvements between 10.0.1 (for instance) and 10.1.9. The early releases are also known to be vulnerable to certain kinds of attack- definitely keep your defenses up if there are new widespread threats circulating. Upgrade as soon as possible!
Thanks and best regards,
Mick
Same here, with most recent updates and programs NOT detected
SEP, SMSMSE up to date.
Mail Security for Exchange Virus definitions 11/16/2009 Rev 2
Endpoint Protection also at 2009-11-16 rev. 002
Not detected by either. Not sure what Symantec is babbling about but they don't seem to be on the ball at the moment.
Yes, it should be cleaned automatically but it's not.
So, no, even if you're up-to-date.
For now I'd put a filter in for the file name or hash.
Justin.
Check AutoProtect is Functioning / Use ADC
Hi Justin,
On your Symantec Mail Security for MS Exchange, make sure that its AutoProtect is scanning the SMTP stream - current definitions should detect that message's utility.zip file as "Backdoor.Trojan." The AutoProtect built into SAV or SEP should also make the same detection should the file reach an end user.
If it is not being detected, please submit the attachment file to Symantec Security Response for analysis. Names are poor indicators of a threat's underlying code. There's always the possibility of new variants coming into circulation.
The suggestion to add a rule to block files by their MD5 is a good short-term measure. Many thanks for adding it to the forum! Here's an article with step-by-step instructions on using SEP's Application and Device Control to do exactly that: How to use Application and Device Control to limit the spread of a threat.
Thanks and best regards,
Mick
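
The short-term filter discussed in this thread (block the attachment by file name or by MD5), sketched as an added Python example; it is not code from any poster or from a Symantec product. The message, addresses, payload bytes and the hash derived from them are constructed placeholders, since the thread gives no hash.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-in bytes; NOT the real utility.zip from the thread.
SAMPLE_PAYLOAD = b"PK constructed placeholder attachment"
BLOCKED_NAMES = {"utility.zip"}                              # name from the thread
BLOCKED_MD5 = {hashlib.md5(SAMPLE_PAYLOAD).hexdigest()}      # placeholder hash


def build_sample(filename, payload):
    """Build a constructed test message carrying one attachment."""
    msg = EmailMessage()
    msg["From"] = "support@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Mailbox deactivated"
    msg.set_content("Constructed sample body.")
    msg.add_attachment(payload, maintype="application",
                       subtype="zip", filename=filename)
    return msg.as_bytes()


def check_message(raw, blocked_names=BLOCKED_NAMES, blocked_md5=BLOCKED_MD5):
    """Return (filename, md5, reasons) for each attachment hitting a rule."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        data = part.get_payload(decode=True) or b""
        digest = hashlib.md5(data).hexdigest()
        reasons = []
        if name in blocked_names:
            reasons.append("name")
        if digest in blocked_md5:
            reasons.append("md5")
        if reasons:
            hits.append((name, digest, reasons))
    return hits


if __name__ == "__main__":
    cases = {
        "same name, same bytes": build_sample("utility.zip", SAMPLE_PAYLOAD),
        "renamed, same bytes": build_sample("invoice.zip", SAMPLE_PAYLOAD),
        "same name, new bytes": build_sample("Utility.ZIP", b"PK repacked"),
        # Renamed and repacked: neither rule matches, which is why a
        # name/hash filter is only a stopgap until definitions detect it.
        "renamed, new bytes": build_sample("invoice.zip", b"PK repacked"),
    }
    for label, raw in cases.items():
        print(label, "->", [h[2] for h in check_message(raw)] or "no match")
```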