FlexiPrint Trojan / Virus warning! - Sophie
Date: 2005-11-17 11:10
Security: Public
Tags: public, virus warning
Subject: FlexiPrint Trojan / Virus warning!

[this is a public post]

One of the people at my workplace got infected by a trojan/virus today. It's pretty new, and seems to be spreading rapidly; McAfee VirusScan couldn't detect it and I couldn't find much about it on the Internet. So here's what I do know.

This one is actually pretty good at getting you to run it, because the email it comes in is very well-written and is very enticing. The email will look something like these:

From: admin@flexiprint.com
Subject: Photo Approval Needed


Your photograph was forwarded to us as part of an article we are publishing for our May edition of Business Review Monthly. Can you check over the format and get back to us with your approval or any changes you would like.

If the photograph is not to your liking then please attach a preferred one. We have uploaded the photo and article here, [URL snipped by Ciaran]

Kind regards,

John Andrews
Dept. Marketing
http://www.FlexiPrint.com

Or:

Hello,

I noticed whilst browsing your site that there were problems with some of your links, when I tried again with Internet Explorer the problems were not there so I assume that they were caused by me using the Mozilla browser.

As more people are turning to alternative browsers now it may be of help for you to know this. I have enclosed a screen capture of the problem so your team can get it fixed if you deem it an issue.

Kind regards,

James Andrews
Dept. Publishing
FlexiPrint.co.uk

The person at my workplace got the second one. The attachment differs between cases, apparently; we got a ZIP file with a file named SO.SCR inside, using the icon for a .PDF file. Unfortunately, he didn't know that .SCR files aren't screenshots, but screensavers - in actual fact, just .EXE files renamed. He ran it, and the virus popped up an error, but of course it had installed onto his system and the error was just a cover for that.

The trojan apparently turns the computer into an IRC zombie. For more info on the technical side of what it does, check out http://sandbox.norman.no/live_2.html?logfile=385846 .

A good rule of thumb is that if you get a file ending in .SCR at all via an email, do not open it unless you are absolutely sure you know what you're doing. There is absolutely no need for anybody to be sending you screensavers, and it's a common method of fooling people into thinking it's something other than an .EXE.

Please link to this post so that others can find it in Google.
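
The rule of thumb above, written as a mail-filter check (an added example, not part of the original post): it flags attachments whose names end in an executable extension and also looks inside ZIP attachments, since the sample described here arrived zipped. The function names, the extensions beyond .scr and .exe, and the sample message are assumptions constructed for illustration, and the check goes slightly beyond the post by covering more than .SCR.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# .scr/.exe come from the post; the other extensions are an assumption for this example.
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd"}


def is_executable_name(name: str) -> bool:
    """True if the file name ends in an extension Windows will execute."""
    name = name.lower().rstrip(". ")  # Windows ignores trailing dots and spaces
    return any(name.endswith(ext) for ext in EXECUTABLE_EXTS)


def find_executable_attachments(raw: bytes) -> list[str]:
    """Return attachment names (and ZIP member names) that are executables."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        if is_executable_name(filename):
            hits.append(filename)
        data = part.get_payload(decode=True) or b""
        # The sample in the post was a ZIP with the .SCR inside: check member names too.
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if is_executable_name(member):
                        hits.append(f"{filename}!{member}")
    return hits


def build_sample() -> bytes:
    """Constructed test message: a ZIP attachment holding a harmless SO.SCR."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("SO.SCR", b"placeholder bytes, not a real program")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["Subject"] = "Screen capture"
    msg.set_content("I have enclosed a screen capture of the problem.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="capture.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(find_executable_attachments(build_sample()))
```

The check works on file names only, so the PDF icon the file displays has no effect on the result.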

Cody B.: Osaka
User: codeman38
Date: 2005-11-21 18:52 (UTC)
Subject: (no subject)

This particular Trojan is starting to get some press now; I've found it referenced on quite a few popular forums, not to mention most of the major antivirus sites. It's even making it to sites about non-Windows platforms; I learned about it from MacInTouch, which states it's been around since April!

Personally, I find the latter variant amusing, for I have the opposite issue— I'll design sites that look perfectly good in Mozilla, Opera, and Safari/Konqueror, only to discover during testing on a virtual Windows machine that they're completely unreadable in IE. But given the number of IE-centric sites I've stumbled across, I can see how this thing might do some massive spreading. I'm all in favor of people testing their sites in alternative browsers, but this surely isn't the way to do it!


Blue Jean Baby
User: zero__
Date: 2005-12-01 18:03 (UTC)
Subject: (no subject)

I'm currently working on my thesis, which is centering around Livejournal and social support. If you are over 18, I would appreciate it greatly if you could take the time to fill out a short survey located at this website:

Livejournal survey

Thank you so much for your time!!!
-Melissa
zero__
