RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

Subject:
From:
"Johnson Jr., Earl" <[log in to unmask]>
Reply To:
Records Management Program <[log in to unmask]>
Date:
Fri, 10 Sep 2010 10:48:40 -0400
Good information, Patrick. Our IT folks just sent out an email about this virus after being alerted by Microsoft. They call it the "Here you have" or "Just for you" virus, and said that the email will be from someone you know. It propagates by sending itself out to everyone in your address book as fast as it can from the mailbox of the individual who clicks on the link.

There's more information about it here, at the McAfee Labs Blog: http://www.avertlabs.com/research/blog/.

Thanks.
Earl

Pipeline Records and Information Management Excellence... Get PRIMEd!
---------------------------------------------------------------------------------------------------------------------------------
Earl Johnson, Jr., CRM  |  Corporate Records Manager
Colonial Pipeline Company  |  1185 Sanctuary Parkway, Suite 100, Alpharetta, GA 30009
Email: [log in to unmask]  |  Office: 678-762-2586  |  Blackberry: 404-402-4420

This message may contain CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s) named above. Any disclosure, distribution, copying or use of the information by others is strictly prohibited. If you have received this message in error, please advise the sender by immediate reply and delete the original message.

-----Original Message-----
From: Records Management Program [mailto:[log in to unmask]] On Behalf Of Patrick Cunningham
Sent: Thursday, September 09, 2010 7:23 PM
To: [log in to unmask]
Subject: Beware a New Virus

I saw an email posted to one other Listserve that concerned me and I checked it 
out a bit. 

The subject line was "Here you have". The body of the message contained two 
lines. One line was poorly constructed English. The second line contained a URL 
that allegedly linked to a document. When you mouseover the URL, you can see 
that the actual URL is different from what was printed in the message. That URL 
links to a file that is not a PDF, but has a filename ending in "PDF.SCR". If 
you were to click on that URL, you would execute malicious code on your 
computer. The code would also attempt to propagate itself by emailing people in 
your address books. Most antivirus products would not catch this exploit, 
although some did and most now are being updated.

If you have received this email AND if you have clicked the URL, you may have an 
ongoing malware infection.

For more information see: 
http://www.avertlabs.com/research/blog/index.php/2010/09/09/widespread-reporting-of-here-you-have-virus/


Also: http://isc.sans.edu/diary.html?storyid=9529


As always, folks, pay attention to what you are sent in email. If the language 
doesn't look right, it is probably something evil. Always, always, always roll 
your mouse over a URL before you click on the URL. If the previewed URL (in 
Internet Explorer, at the bottom of the IE window) does not match what is typed 
in the message, do not click the link. You'll always see this when a hacker 
sends you a message purportedly from your financial institution. In addition, 
check for updates for your computer and all software that you use and make sure 
that your antivirus software updates automatically.

At present, it appears that the first round of this virus has been killed off, 
but there are likely quite a few infected machines out there. You can expect 
several rounds of similar types of messages as the machines that aren't 
disinfected get updates from the hacker's command and control servers. Odds are, 
this thing will take a while to kill off, although the hackers didn't appear to 
be very sophisticated to start.
 Patrick Cunningham, CRM, FAI
[log in to unmask] 


"Perpetual optimism is a force multiplier." 
-- Colin Powell 

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]