Protect your PC from malicious E-Mail
Avoid clicking on unexpected email attachments!
A lot of trojan viruses are being deliberately spread in order to steal the
passwords of Internet subscribers. These trojans and viruses arrive in your
email disguised as various "useful" or "interesting" files that seem
attractive to click. The cover messages are designed to entice you into
activating the attachments.
Don't be fooled and never click on these files. Delete them immediately.
Samples of fraudulent e-mail messages
The latest flareups of fraudulent and malicious e-mail include
payloads for the Hybris Trojan and the MTX Supervirus.
The W32.Hybris.gen trojan
is an Internet worm which can be received by email. If run, this worm
modifies the WSOCK32.DLL file, after which it attempts to mail a copy of
itself to all mail recipients whenever email messages are sent out. The
worm is sent without the knowledge of the user of the infected PC.
In addition, it downloads encrypted update components from a web site, most likely the
worm creator's site.
The worm was sent using a number of faked or non-existent MosCom email addresses
with highly pornographic text in both the message body and the subject
header. More information on this can be found here.
The MTX Supervirus is a combination virus/worm/backdoor trojan
that usually contains .pif files as attachments. An infected PC will send out two e-mail
messages; the first e-mail is a normal e-mail message, followed by a
second e-mail that lacks a subject and body. That second e-mail might
contain one of the attached files found in the list below:
I_wanna_see_you.txt.pif
Matrix_screen_saver.scr
Love_letter_for_you.txt.pif
New_playboy_screen_saver.scr
Bill_gates_piece.jpg.pif
Tiazinha.jpg.pif
Feiticeira_nua.jpg.pif
Geocities_free_sites.txt.pif
New_napster_site.txt.pif
Metallica_song.mp3.pif
Anti_cih.exe
Internet_security_forum.doc.pif
Alanis_screen_saver.scr
Reader_digest_letter.txt.pif
Win_$100_now.doc.pif
Is_linux_good_enough!.txt.pif
Qi_test.exe
Avp_updates.exe
Seicho_no_ie.exe
You_are_fat!.txt.pif
Free_xxx_sites.txt.pif
I_am_sorry.doc.pif
Me_nude.avi.pif
Sorry_about_yesterday.doc.pif
Protect_your_credit.html.pif
Jimi_hendrix.mp3.pif
Hanson.scr
F___ing_with_dogs.scr
Matrix_2_is_out.scr
Zipped_files.exe
Blink_182.mp3.pif
Other filename variations could exist, but most of the attached files
use a double extension ending in .pif. More details on the MTX Supervirus
can be found here.
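The double-extension pattern and the empty second message described above
can be checked for mechanically when filtering or auditing mail. The
following Python code is an added example, not MosCom's own; the function
names, the decoy-extension set and the sample message are assumptions
constructed for illustration.

```python
from email import message_from_string
from pathlib import PureWindowsPath

# Extensions Windows runs directly; all three appear in the list on this page.
EXECUTABLE_EXTS = {".pif", ".scr", ".exe"}
# Decoy extensions seen before .pif in that list (assumed, not exhaustive).
DECOY_EXTS = {".txt", ".jpg", ".doc", ".mp3", ".avi", ".html"}

def classify_attachment(filename):
    """Return 'double-extension', 'executable' or 'ok' for one filename."""
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    suffixes = PureWindowsPath(filename.rstrip(". ").lower()).suffixes
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"

def scan_message(raw):
    """Return a list of findings for one message given as RFC 822 text."""
    msg = message_from_string(raw)
    findings, has_body = [], False
    for part in msg.walk():
        name = part.get_filename()
        if name:
            verdict = classify_attachment(name)
            if verdict != "ok":
                findings.append(f"{verdict}: {name}")
        elif part.get_content_maintype() == "text":
            has_body = has_body or bool((part.get_payload(decode=True) or b"").strip())
    # The second MTX mail described above has neither subject nor body.
    if findings and not (msg.get("Subject") or "").strip() and not has_body:
        findings.append("no subject and no body text")
    return findings

# Constructed sample message, not a captured one; the address is a placeholder.
SAMPLE = """\
From: sender@example.com
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Love_letter_for_you.txt.pif"

AAAA
--b1--
"""
if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

A file such as report.txt is classified as ok, while a bare .scr or .exe
is reported as executable even without a decoy extension.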
The BackDoor-g2.svr.gen
trojan is a client program (also known as "subseven") that, when
activated, allows the sender to control your PC from a remote location
and steal your critical information. Previous examples were messages with
the subjects below:
* "erap"
* "erapjoke"
* "erap estrada"
* "DHL PROMO FREE !!!"
* "COKE DISCOUNT"
* "what is mozcom??"
Some samples of the body text in these emails are:
* "Madam, FOR YOUR PROMO OF FREE OF CHARGE!!! VIEW THE ATTACHMENT TO FILL
OUT THE FORM"
* "to view erap picture click erap at attachment and want to see more joke
clike more_joke! thanks hope u like!"
In some cases the body of the message is an excerpt from MosCom's 6th
Anniversary news article. It ends in the statement: "avail the news!!!"
Go here for more information on this trojan.
MosCom's Corporate E-mail Policy
We urge all subscribers not to click on any email attachment that you did
not specifically ask for, even if it claims to be from MosCom Internet or
from somebody you know. When in doubt, confirm with the e-mail sender (by
phone if possible) whether he or she really intended to send the attachment
to you before you activate it.
MosCom Internet does NOT send out e-mail notifications with attachments.
If you receive e-mail from a mozcom.com address claiming to be from Systems
Administration or Technical Support that instructs you to click on an
attachment to view it or to "fix" your system, please do not open the
attachment. Delete the e-mail instead.
(If you know what you're doing, you may forward the suspicious e-mail
message as another attachment to abuse@mozcom.com for analysis, with a
short warning note describing your suspicions. The forwarded e-mail message
must contain the complete message headers.)
For technical and customer service support, please call your nearest MosCom
Point of Presence.

